CVE-2026-7604
JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.
| CWE | CWE-918 |
| Vendor | n/a |
| Product | jeecgboot |
| Published | May 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a jeecgboot
Be the first to know when new medium vulnerabilities affecting n/a jeecgboot are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / JeecgBoot
3.9.0 3.9.1
References
vuldb.com: https://vuldb.com/vuln/360561 vuldb.com: https://vuldb.com/vuln/360561/cti vuldb.com: https://vuldb.com/submit/805708 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9554 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9554#issuecomment-4251574151 github.com: https://github.com/jeecgboot/JeecgBoot/
Credits
๐ Ana10gy (VulDB User) VulDB CNA Team