PT-2026-36571 · Unknown · Jeecg-Boot
Ana10Gy · Published 2026-05-02 · Updated 2026-05-02 · CVE-2026-7604
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions prior to 3.9.2
Description
An issue in the OpenApi Service component allows remote attackers to perform server-side request forgery (SSRF), a flaw where the server is coerced into making unintended requests. This occurs through the manipulation of the originUrl argument within the 'OpenApiController.add' and 'OpenApiController.call' functions of the OpenApiController.java file.
Recommendations
Upgrade the affected component to a version that contains the fix.
As a temporary workaround, restrict access to the 'OpenApiController.add' and 'OpenApiController.call' functions.
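Where the upgrade has to wait, a destination check on the originUrl value before the server fetches it narrows what the endpoint can reach. The class below is an added example, not JeecgBoot code and not the project's fix; the name OriginUrlGuard and the api.example.com allowlist are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;
/** Hypothetical guard for a user-supplied originUrl; not JeecgBoot code. */
public final class OriginUrlGuard {
    // Assumption: operators know which upstream hosts an OpenAPI entry may point to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");

    /** Returns the parsed URI if it may be fetched; throws otherwise. */
    public static URI check(String originUrl) throws UnknownHostException {
        URI uri = URI.create(originUrl.trim()).normalize();
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new IllegalArgumentException("scheme not allowed");
        }
        // getHost() is null for a malformed authority; userinfo can disguise the real host.
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("malformed authority");
        }
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("host not on allowlist");
        }
        // Check every resolved address, so an allowlisted name that points inward is still refused.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException("resolves to internal address");
            }
        }
        return uri;
    }

    /** True for wildcard, loopback, link-local, private, multicast and IPv6 unique-local addresses. */
    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc; // fc00::/7
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6;
    }
    public static void main(String[] args) {
        // Constructed inputs; each is rejected before any DNS lookup happens.
        for (String u : new String[] {"http://127.0.0.1:8080/", "ftp://api.example.com/x", "http://10.0.0.5/"}) {
            try { check(u); System.out.println("allowed  " + u); }
            catch (Exception e) { System.out.println("rejected " + u + " (" + e.getMessage() + ")"); }
        }
    }
}
```

The HTTP client that performs the fetch should not follow redirects unless each hop is passed through the same check. A second DNS lookup at connect time can also return a different address from the one validated here, so connecting to the address that was checked is the stricter design.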
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Jeecg-Boot