CVE-2026-9579

MEDIUM 6.3

JeecgBoot SysUser userEdit user.getUsername access control

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

13th

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.9.2 is recommended to address this issue. The affected component should be upgraded.

CWE	CWE-284 CWE-266
Vendor	n/a
Product	jeecgboot
Published	May 26, 2026
Last Updated	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for n/a jeecgboot

Be the first to know when new medium vulnerabilities affecting n/a jeecgboot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / JeecgBoot

3.9.0 3.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/365635 vuldb.com: https://vuldb.com/vuln/365635/cti vuldb.com: https://vuldb.com/submit/817891 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9596 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9596#issuecomment-4385414813 github.com: https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2 github.com: https://github.com/jeecgboot/JeecgBoot/

Credits

🔍 AliceS614 (VulDB User)