Critical severity9.8NVD Advisory· Published Apr 1, 2026· Updated Apr 6, 2026

CVE-2024-40489

Description

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

Affected products

Jeecg/Jeecg Boot
cpe:2.3:a:jeecg:jeecg_boot:*:*:*:*:*:*:*:*
Range: >=3.0,<=3.5.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0nvdThird Party Advisory
pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ugnvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000