CVE-2026-7603
JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The affected component should be upgraded. The vendor confirmed the issue and will provide a fix in the upcoming release.
| CWE | CWE-918 |
| Vendor | n/a |
| Product | jeecgboot |
| Published | May 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a jeecgboot
Be the first to know when new medium vulnerabilities affecting n/a jeecgboot are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / JeecgBoot
3.9.0 3.9.1
References
vuldb.com: https://vuldb.com/vuln/360560 vuldb.com: https://vuldb.com/vuln/360560/cti vuldb.com: https://vuldb.com/submit/805707 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9553 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9553#issuecomment-4251745014 github.com: https://github.com/jeecgboot/JeecgBoot/
Credits
๐ Ana10gy (VulDB User) VulDB CNA Team