JeecgBoot
CVE-2026-9604
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 3.9.2 is able to resolve this issue. The affected component should be upgraded.
AnalysisAI
Improper access control in JeecgBoot's AiragModelController (versions up to 3.9.1) permits any authenticated low-privilege user to invoke the list and queryById API endpoints without proper authorization checks, exposing AI RAG model configuration data restricted to higher-privileged roles. The CVSS vector (PR:L, C:L) confirms this is an authorization bypass rather than a full authentication bypass, limiting impact to confidentiality of AI model metadata. Publicly available exploit code exists (GitHub issue #9599, referenced in the exploit tag), though no CISA KEV listing indicates confirmed widespread active exploitation at time of analysis.
Technical ContextAI
JeecgBoot is a Java-based low-code rapid development platform integrating Spring Boot, MyBatis-Plus, and an AI/RAG (Retrieval-Augmented Generation) layer. The affected component, AiragModelController, is part of the platform's AI assistant subsystem introduced in recent versions to manage AI model configurations. CWE-284 (Improper Access Control) is the root cause: the controller's list and queryById action handlers lack role or permission gate enforcement, meaning the application's access control policy is either absent or incorrectly applied at the endpoint level. The CPE (cpe:2.3:a:n/a:jeecgboot:*:*:*:*:*:*:*:*) reflects that NVD has not yet assigned a formal vendor identifier. The v3.9.2 release notes confirm a broader security hardening pass that added permission validation to MCP and underlying sensitive AI tools ('给 MCP / 底层敏感工具 全面加上权限校验'), corroborating that this class of endpoint was systematically under-protected.
RemediationAI
The vendor-released patch is JeecgBoot v3.9.2, available at https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2. Upgrading to v3.9.2 is the primary and recommended fix, as it applies permission validation to the AiragModelController and related AI tool endpoints. If immediate upgrade is not feasible, a compensating control is to restrict access to the AiragModelController endpoints (list, queryById) at the API gateway or reverse proxy layer to only administrator-role sessions - note this requires knowing the exact route paths from the JeecgBoot route configuration and may break legitimate admin UI functionality if not scoped precisely. For multi-tenant deployments, review whether the cross-tenant isolation fixes noted in v3.9.2 (AiragApp cross-tenant write, #9462; Token privilege escalation, #9518) also apply to your environment, as these represent a related class of access control deficiencies patched in the same release.
Broken access control in JeecgBoot through 3.9.2 lets authenticated low-privilege users reach the OpenApiAuthController
SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictIn
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByC
Improper access control in JeecgBoot through version 3.9.1 exposes the LoginController.selectDepart endpoint at /sys/sel
Improper authentication in JeecgBoot 3.9.1 OpenAPI endpoint allows remote attackers to bypass authentication checks and
Improper authorization in JeecgBoot up to version 3.9.1 allows authenticated remote attackers to bypass access controls
Improper access control in JeecgBoot versions up to 3.9.1 allows authenticated low-privileged remote attackers to bypass
JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today