Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. A fix is planned for the upcoming release.
AnalysisAI
Server-side request forgery in JeecgBoot up to version 3.9.2 allows remote authenticated attackers to induce the server to issue arbitrary outbound HTTP requests via the WordUtil.addImage function at the /airag/word/edit endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-accessible, low-complexity exploitation requiring only low-privilege credentials with no user interaction needed. Publicly available exploit code exists (E:P in CVSS vector; publicly disclosed per description), and no vendor-released patch has been issued at time of analysis - only a fix planned for an upcoming release.
Technical ContextAI
JeecgBoot is a Java-based open-source low-code development platform widely used for rapid enterprise application development. The vulnerable component is the WordUtil.addImage function, invoked via the /airag/word/edit endpoint (part of the AI RAG word-editing feature). CWE-918 (Server-Side Request Forgery) indicates the root cause: user-supplied input - likely a URL for an image to embed in a Word document - is passed to a server-side HTTP client without adequate validation or allowlisting. This enables the server to act as a proxy, issuing requests on behalf of the attacker to targets the attacker cannot reach directly, such as internal cloud metadata services, internal APIs, or non-internet-facing hosts. The CVSS scope metrics (SC:N/SI:N/SA:N) suggest the confirmed impact is limited to the vulnerable system's own confidentiality, integrity, and availability at low severity, though SSRF primitives frequently enable further lateral movement depending on the network environment.
RemediationAI
No vendor-released patch has been issued for this vulnerability at time of analysis - the vendor has stated a fix is planned for an upcoming release. Monitor the JeecgBoot GitHub repository (https://github.com/jeecgboot/JeecgBoot/) and issue tracker (https://github.com/jeecgboot/JeecgBoot/issues/9610) for a patched release. Until a patch is available, apply the following compensating controls in order of preference: First, restrict access to the /airag/word/edit endpoint via network-layer controls or application firewall rules so that only trusted, identified users can reach it - note this limits functionality for legitimate users of the AI RAG word feature. Second, implement egress filtering on the JeecgBoot server host to block outbound HTTP/HTTPS requests to internal RFC-1918 address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), and cloud metadata endpoints (169.254.169.254) - this is the most impactful control for limiting SSRF blast radius but requires firewall or iptables rule changes that must be tested for operational impact. Third, if the /airag/word/edit feature is not required by your organization, disable or remove it entirely.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33601
GHSA-gg5c-v856-2rjp