JeecgBoot: SQL Injection in Backend Interface
CVE-2026-2822
Summary
A SQL injection flaw in JeecgBoot versions up to 3.9.1 lets a remote attacker inject malicious SQL code through the keyword argument of a backend interface, potentially accessing or modifying sensitive data. A public exploit is available. To protect your system, update to a fixed version of JeecgBoot as soon as one is available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jeecg | jeecg_boot | <= 3.9.1 | – |
Original title
A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Back...
Original description
A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
| Source and metric | Score |
|---|---|
| nvd CVSS2.0 | 6.5 |
| nvd CVSS3.1 | 8.8 |
| nvd CVSS4.0 | 5.3 |
Vulnerability type
- CWE-74: Injection
- CWE-89: SQL Injection
- https://vuldb.com/?ctiid.346947 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.346947 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.753792 (Third Party Advisory, VDB Entry)
- https://www.yuque.com/meizhiyuwai/ha3yxb/lowxgbh5nne881e6 (Exploit, Third Party Advisory)
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026