PT-2026-36562 · Unknown · Jeecg-Boot
Ana10Gy · Published 2026-05-02 · Updated 2026-05-02 · CVE-2026-7602
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions prior to 3.9.1
Description
Improper authorization exists in the FillRuleUtil component within the '/sys/fillRule/edit' endpoint. A remote attacker can manipulate the ruleClass argument to bypass authorization controls.
Recommendations
Upgrade the affected component to a version containing the fix.
As a temporary workaround, restrict access to the '/sys/fillRule/edit' endpoint or avoid using the ruleClass argument until the update is applied.
Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Jeecg-Boot