CVE-2026-3189

Name of the Vulnerable Software and Affected Versions feiyuchuixue sz-boot-parent versions through 1.3.2-beta

Description A weakness exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. This issue affects unknown code within the /api/admin/common/files/download file. Manipulation of the url argument can lead to server-side request forgery (SSRF). The attack can be executed remotely and is considered highly complex with difficult exploitability. The developers addressed this by adding a URL protocol whitelist validation to the file download interface, allowing only 'http' and 'https' protocols.

Recommendations Upgrade to version 1.3.3-beta to resolve this vulnerability.