CVE-2026-10239

Summary

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. A fix is planned for the upcoming release.

Affected Software

VendorProductVersion RangeStatus
n/aJeecgBoot3.9.0affected
n/aJeecgBoot3.9.1affected
n/aJeecgBoot3.9.2affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References