Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
JeecgBoot 3.9.1 - Unauthorized Access to Announcement System
CVE-2026-5999
Summary
A vulnerability in JeecgBoot's announcement system can allow an attacker to access unauthorized areas. This could potentially lead to sensitive information being viewed or modified without permission. Update to the latest version of JeecgBoot to fix the issue.
Original title
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack c...
Original description
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-285
Improper Authorization
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026