PT-2026-39413 · Unknown · Jeecg-Boot
Xpp39 · Published 2026-05-09 · Updated 2026-05-09 · CVE-2026-8195
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions prior to 3.9.2
Description
A cross-site scripting issue exists in the SVG File Handler component within the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java. This flaw allows a remote attacker to execute malicious scripts via manipulation of an unknown function in the specified controller.
Recommendations
Update to a version later than 3.9.1.
As a temporary workaround, restrict access to the SVG File Handler component in CommonController.java to minimize the risk of exploitation.
Exploit
Fix
Code Injection
XSS
Related Identifiers
Affected Products
Jeecg-Boot