CVE-2026-2555

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1

Description A weakness exists in JeecgBoot that allows for deserialization. This issue affects the importDocumentFromZip function within the org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java file of the Retrieval-Augmented Generation component. The attack can be initiated remotely and is considered highly complex with difficult exploitability. The project maintainers were notified of the issue but have not yet responded.

Recommendations Versions prior to 3.9.1 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.