Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
JeecgBoot 3.9.0: Server-side Request Forgery in Upload Function
CVE-2026-2945
Summary
A security weakness in JeecgBoot 3.9.0 makes it possible for an attacker to trick the server into accessing sensitive resources. This allows an attacker to potentially access unauthorized data or systems. We recommend updating to a patched version or seeking assistance from the vendor to ensure your system is secure.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jeecg | jeecg_boot | 3.9.0 | – |
Original title
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileU...
Original description
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.5
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- https://vuldb.com/?ctiid.347315 Permissions Required VDB Entry
- https://vuldb.com/?id.347315 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.754590 Third Party Advisory VDB Entry
- https://www.yuque.com/la12138/vxbwk9/glws4ppukxqtpfhl?singleDoc Exploit Third Party Advisory
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026