CVE-2026-7603

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2

Description A server-side request forgery (SSRF) exists in the 'LoadFile' endpoint. The issue occurs within the checkPathTraversalBatch() function of the FileDownloadUtils.jav file due to improper manipulation of the files argument, allowing a remote attacker to initiate the attack.

Recommendations Upgrade the affected component to a version later than 3.9.1. As a temporary workaround, restrict access to the 'LoadFile' endpoint to minimize the risk of exploitation.