Is there a public PoC exploit available for CVE-2026-9579?

Yes, a public proof-of-concept exploit is available for CVE-2026-9579. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-9579?

Yes, a patch is available for CVE-2026-9579. Update the affected software to the latest version immediately.

JeecgBoot CVE-2026-9579

Q: What is the CVSS score of CVE-2026-9579?

CVE-2026-9579 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31973 LOW

Improper Access Control (CWE-284)

2026-05-26 VulDB

GHSA-q7x2-2w32-gxv3

Authentication Bypass

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 26, 2026 - 21:22 NVD

MEDIUM LOW

CVSS changed

May 26, 2026 - 21:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

Source Code Evidence Fetched

May 26, 2026 - 21:04 vuln.today

Analysis Generated

May 26, 2026 - 21:04 vuln.today

DescriptionNVD

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.9.2 is recommended to address this issue. The affected component should be upgraded.

AnalysisAI

Improper access control in JeecgBoot versions up to 3.9.1 allows authenticated low-privileged remote attackers to bypass authorization checks by manipulating the userIdentity argument in the SysUser component's user.getUsername function at the /sys/user/login/setting/userEdit endpoint. A publicly available proof-of-concept exploit exists via GitHub issue #9596, increasing practical risk for any multi-user JeecgBoot deployment where adversaries hold a low-privileged account. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9579 vulnerability details – vuln.today

Back