Skip to main content

JeecgBoot CVE-2026-9604

LOW
Improper Access Control (CWE-284)
2026-05-26 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
May 26, 2026 - 23:22 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 23:22 NVD
4.3 (MEDIUM) 2.1 (LOW)
Source Code Evidence Fetched
May 26, 2026 - 23:21 vuln.today
Analysis Generated
May 26, 2026 - 23:21 vuln.today

DescriptionCVE.org

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 3.9.2 is able to resolve this issue. The affected component should be upgraded.

AnalysisAI

Improper access control in JeecgBoot's AiragModelController (versions up to 3.9.1) permits any authenticated low-privilege user to invoke the list and queryById API endpoints without proper authorization checks, exposing AI RAG model configuration data restricted to higher-privileged roles. The CVSS vector (PR:L, C:L) confirms this is an authorization bypass rather than a full authentication bypass, limiting impact to confidentiality of AI model metadata. Publicly available exploit code exists (GitHub issue #9599, referenced in the exploit tag), though no CISA KEV listing indicates confirmed widespread active exploitation at time of analysis.

Technical ContextAI

JeecgBoot is a Java-based low-code rapid development platform integrating Spring Boot, MyBatis-Plus, and an AI/RAG (Retrieval-Augmented Generation) layer. The affected component, AiragModelController, is part of the platform's AI assistant subsystem introduced in recent versions to manage AI model configurations. CWE-284 (Improper Access Control) is the root cause: the controller's list and queryById action handlers lack role or permission gate enforcement, meaning the application's access control policy is either absent or incorrectly applied at the endpoint level. The CPE (cpe:2.3:a:n/a:jeecgboot:*:*:*:*:*:*:*:*) reflects that NVD has not yet assigned a formal vendor identifier. The v3.9.2 release notes confirm a broader security hardening pass that added permission validation to MCP and underlying sensitive AI tools ('给 MCP / 底层敏感工具 全面加上权限校验'), corroborating that this class of endpoint was systematically under-protected.

RemediationAI

The vendor-released patch is JeecgBoot v3.9.2, available at https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2. Upgrading to v3.9.2 is the primary and recommended fix, as it applies permission validation to the AiragModelController and related AI tool endpoints. If immediate upgrade is not feasible, a compensating control is to restrict access to the AiragModelController endpoints (list, queryById) at the API gateway or reverse proxy layer to only administrator-role sessions - note this requires knowing the exact route paths from the JeecgBoot route configuration and may break legitimate admin UI functionality if not scoped precisely. For multi-tenant deployments, review whether the cross-tenant isolation fixes noted in v3.9.2 (AiragApp cross-tenant write, #9462; Token privilege escalation, #9518) also apply to your environment, as these represent a related class of access control deficiencies patched in the same release.

Share

CVE-2026-9604 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy