PT-2026-36562 · Unknown · Jeecg-Boot

Ana10Gy · Published 2026-05-02 · Updated 2026-05-02 · CVE-2026-7602

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JeecgBoot versions prior to 3.9.1

Description

Improper authorization exists in the FillRuleUtil Component within the '/sys/fillRule/edit' endpoint. A remote attacker can manipulate the ruleClass argument to bypass authorization controls.

Recommendations

Upgrade the affected component to a version containing the fix. As a temporary workaround, restrict access to the '/sys/fillRule/edit' endpoint or avoid using the ruleClass argument until the update is applied.

Exploit

Fix

Incorrect Privilege Assignment

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-7602

Affected Products

Jeecg-Boot