← volver
CVE-2026-7602

JeecgBoot FillRuleUtil edit improper authorization

CVSS 5.3 MEDIUMEPSS 0.2%CWE-266CWE-285
A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. You should upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
n/a · JeecgBoot
PoCs públicas encontradas1
cve_referencegithub.com/jeecgboot/JeecgBoot/issues/9552no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/jeecgboot/JeecgBoot/https://github.com/jeecgboot/JeecgBoot/issues/9552https://github.com/jeecgboot/JeecgBoot/issues/9552#issuecomment-4251391314https://vuldb.com/submit/805706https://vuldb.com/vuln/360559https://vuldb.com/vuln/360559/cti