CVE-2026-7605

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2

Description A server-side request forgery (SSRF) flaw exists in the uploadImgByHttpEndpoint component. This issue occurs within the CommonController.java file, specifically affecting the functions CommonController.uploadImgByHttp(), HttpFileToMultipartFileUtil.httpFileToMultipartFile(), and HttpFileToMultipartFileUtil.downloadImageData(). A remote attacker can initiate a manipulation to trigger this flaw.

Recommendations Update to the upcoming release that contains the fix. As a temporary workaround, restrict access to the CommonController.uploadImgByHttp() function to minimize the risk of exploitation.