PT-2026-36570 · Unknown · Jeecg-Boot
Ana10Gy · Published 2026-05-02 · Updated 2026-05-02 · CVE-2026-7603
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions prior to 3.9.2
Description
A server-side request forgery (SSRF) exists in the 'LoadFile' endpoint. The issue occurs within the checkPathTraversalBatch() function of the FileDownloadUtils.java file due to improper manipulation of the files argument, allowing a remote attacker to initiate the attack.
Recommendations
Upgrade the affected component to a version later than 3.9.1.
As a temporary workaround, restrict access to the 'LoadFile' endpoint to minimize the risk of exploitation.
Exploit
Fix
SSRF
Affected Products
Jeecg-Boot