CVE-2026-10241

Name of the Vulnerable Software and Affected Versions jeecgboot versions prior to 3.9.2

Description A remote server-side request forgery (SSRF) exists in the Cloud Instance Metadata Endpoint component. The issue occurs within the FileDownloadUtils.download2DiskFromNet() function located in the /airag/app/debug file, where improper manipulation of processed URLs allows an attacker to induce the server to make unintended requests.

Recommendations Upgrade to version 3.9.2.