PT-2026-36584 · Unknown · Jeecg-Boot

Ana10Gy · Published 2026-05-02 · Updated 2026-05-02 · CVE-2026-7605

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.2

Description: A flaw in the uploadImgByHttp endpoint component allows for remote server-side request forgery (SSRF), which occurs when a server is tricked into making unauthorized requests to internal or external resources. This issue affects the functions CommonController.uploadImgByHttp(), HttpFileToMultipartFileUtil.httpFileToMultipartFile(), and HttpFileToMultipartFileUtil.downloadImageData() within the CommonController.java file.

Recommendations: Upgrade to the upcoming release containing the fix. As a temporary workaround, restrict access to the CommonController.uploadImgByHttp() function to minimize the risk of exploitation.
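
One way to enforce the SSRF boundary at a fetch-by-URL endpoint like the one described above, as an added example (not JeecgBoot's code and not the vendor's fix): a destination check run before the server downloads a caller-supplied image URL. The class name RemoteImageUrlGuard and its methods are hypothetical, and the sample URLs are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
// Added example: hypothetical helper, not JeecgBoot code and not the vendor's fix.
public class RemoteImageUrlGuard {
    /** True if a server-side fetch must never connect to this address. */
    static boolean isInternal(InetAddress a) {
        if (a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true;
        }
        byte[] b = a.getAddress();
        if (b.length == 4) { // 100.64.0.0/10 (carrier-grade NAT), not covered by the JDK predicates
            return (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40;
        }
        return (b[0] & 0xfe) == 0xfc; // fc00::/7 unique local IPv6, also not covered
    }
    /** Validates a caller-supplied image URL; returns the addresses it resolved to. */
    static InetAddress[] check(String rawUrl) throws UnknownHostException {
        URI uri = URI.create(rawUrl.trim());
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            throw new IllegalArgumentException("only http/https allowed");
        }
        if (uri.getHost() == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        InetAddress[] resolved = InetAddress.getAllByName(uri.getHost());
        for (InetAddress a : resolved) {
            if (isInternal(a)) {
                throw new IllegalArgumentException("internal destination: " + a.getHostAddress());
            }
        }
        return resolved;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; IP literals so the demo needs no DNS lookup.
        String[] samples = {"http://127.0.0.1/a.png", "http://169.254.10.10/b.png",
                "http://10.0.0.5/c.jpg", "file:///tmp/d.png", "https://203.0.113.10/logo.png"};
        for (String s : samples) {
            try {
                check(s);
                System.out.println("ALLOW  " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The fetch itself has to connect to one of the returned addresses and refuse redirects (or re-run the check on each hop); otherwise a second DNS lookup or a 3xx response can still steer the request to an internal host.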

Exploit · Fix · SSRF


Weakness Enumeration

Related Identifiers: CVE-2026-7605

Affected Products: Jeecg-Boot