PT-2026-47195 · Unknown · Jeecg-Boot
Rusty19 · Published 2026-06-07 · Updated 2026-06-07
CVE-2026-11464
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions prior to 3.9.3
Description
An information disclosure issue exists in the User List Endpoint. Manipulation of the salt argument of the queryPageList() function in src/main/java/org/jeecg/modules/system/controller/SysUserController.java allows the attack to be carried out remotely. Attack complexity is high and exploitation is considered difficult.
Recommendations
Update to a version newer than 3.9.2.
As a temporary workaround, restrict access to the queryPageList() function to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Improper Access Control
Affected Products
Jeecg-Boot