JeecgBoot SQL Injection in getDictItems Function
CVE-2026-3672
Summary
A flaw in JeecgBoot's getDictItems function allows attackers to inject malicious SQL code, potentially stealing data or disrupting the system. The vulnerability can be exploited remotely, and exploit code is publicly available. To protect your system, update JeecgBoot to version 3.9.2 or later.
Original title
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The...
Original description
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-74: Injection
CWE-89: SQL Injection
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026