CVE-2026-5616

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JeecgBoot versions 3.9.0 through 3.9.1

Description A security issue exists in JeecgBoot versions 3.9.0 and 3.9.1 related to missing authentication within the AI Chat Module. The issue is located in an unknown function within the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java. This allows for remote exploitation.

Recommendations Apply the patch b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39/2c1cc88b8d983868df8c520a343d6ff4369d9e59 to resolve this issue.

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

CVE-2026-5616

Affected Products

Jeecg-Boot

CVE-2026-5616

Weakness Enumeration

Related Identifiers

Affected Products

References · 10