PT-2026-31587 · Unknown · Jeecgboot Jimureport

Anch0R · Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-5848

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
jeecgboot JimuReport versions up to 2.3.0

Description
A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the /drag/onlDragDataSource/testConnection file. Manipulation of the dbUrl argument can lead to code injection. The attack can be initiated remotely, and the exploit has been made public. The vendor has confirmed the issue and plans to release a fix in a future version.

Recommendations
Versions prior to 2.3.0 should be used. As a temporary workaround, consider restricting access to the Data Source Handler component or disabling the affected function until a patch is available.

Weakness Enumeration
Code Injection
Special Elements Injection

Related Identifiers
CVE-2026-5848

Affected Products
Jeecgboot Jimureport