Is there a public PoC exploit available for CVE-2026-7605?

Yes, a public proof-of-concept exploit is available for CVE-2026-7605. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-7605?

Yes, a patch is available for CVE-2026-7605. Update the affected software to the latest version immediately.

JeecgBoot CVE-2026-7605

Q: What is the CVSS score of CVE-2026-7605?

CVE-2026-7605 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26753 LOW

Server-Side Request Forgery (SSRF) (CWE-918)

2026-05-02 VulDB

Java SSRF

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 02, 2026 - 07:30 vuln.today

Severity Changed

May 02, 2026 - 07:22 NVD

MEDIUM LOW

CVSS changed

May 02, 2026 - 07:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

PoC Detected

May 02, 2026 - 07:16 vuln.today

Public exploit code

EUVD ID Assigned

May 02, 2026 - 07:00 euvd

EUVD-2026-26753

Analysis Generated

May 02, 2026 - 07:00 vuln.today

Patch released

May 02, 2026 - 07:00 nvd

Patch available

CVE Published

May 02, 2026 - 06:15 nvd

LOW 2.1

DescriptionNVD

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component uploadImgByHttpEndpoint. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Upgrading the affected component is recommended. The vendor confirmed the issue and will provide a fix in the upcoming release.

AnalysisAI

Server-side request forgery in JeecgBoot up to 3.9.1 allows authenticated remote attackers to manipulate the CommonController.uploadImgByHttp endpoint and trigger arbitrary HTTP requests from the server, with publicly available exploit code and vendor confirmation of the issue. The vulnerability affects the image upload functionality through HttpFileToMultipartFileUtil.httpFileToMultipartFile and downloadImageData methods, enabling attackers with valid credentials to abuse the application as a proxy for outbound requests.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7605 vulnerability details – vuln.today

Back