VYPR
Medium severity (6.3) · NVD Advisory · Published Jun 1, 2026

CVE-2026-10240

Description

A server-side request forgery (SSRF) in JeecgBoot ≤3.9.2 allows any authenticated user to abuse the /airag/airagModel/test endpoint to probe internal networks or access cloud metadata.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A server-side request forgery (SSRF) vulnerability exists in JeecgBoot up to version 3.9.2 [1][2]. The affected endpoint is POST /airag/airagModel/test in AiragModelController.java. The baseUrl argument of the AiragModel request body is passed to the langchain4j framework without validation or sanitization, enabling outbound HTTP requests to arbitrary URLs controlled by the attacker. The endpoint lacks permission annotations, so any authenticated user can trigger the flaw [2].

Exploitation

An attacker must be authenticated to the JeecgBoot application [2]. The attacker sends a POST request to /airag/airagModel/test with a JSON body containing an AiragModel object where baseUrl points to an internal resource (e.g., http://169.254.169.254/latest/meta-data/ for cloud metadata). The server processes the request and issues an outbound HTTP call to that URL via langchain4j. The malicious configuration is also persisted to the database, enabling stored SSRF [2].

Impact

A successful attack allows the attacker to probe internal network services, perform port scanning, or access sensitive cloud instance metadata (such as AWS/GCP metadata endpoints) [2]. This can lead to information disclosure of internal infrastructure details or credentials, with the potential for further lateral movement.

Mitigation

The vendor has acknowledged the issue and a fix is planned for the upcoming release, but no patched version is available yet [1][2]. As of the latest version 3.9.2 (2026-04-30), no workaround is documented in the available references [1][2].
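As an added illustration of the kind of input validation the fix would need (not JeecgBoot's code; the class name BaseUrlGuard is hypothetical), a check a deployment could apply to baseUrl before the controller hands it to langchain4j. It rejects non-http(s) schemes, user-info tricks, and any destination that resolves to loopback, link-local (which includes 169.254.169.254), private or unique-local address space:

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not part of JeecgBoot): decides whether a model baseUrl may be contacted. */
public final class BaseUrlGuard {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** Returns true only if the URL is well-formed, uses http(s) and every resolved address is publicly routable. */
    public static boolean isSafeBaseUrl(String baseUrl) {
        final URI uri;
        try {
            uri = new URI(baseUrl);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            return false;
        }
        if (uri.getUserInfo() != null) {
            return false; // reject user@host forms that are often used to confuse URL parsers
        }
        final InetAddress[] addresses;
        try {
            addresses = InetAddress.getAllByName(host); // constructed check: resolve the name once, here
        } catch (UnknownHostException e) {
            return false;
        }
        for (InetAddress a : addresses) {
            // Covers 127/8, 169.254/16 (cloud metadata), 10/8, 172.16/12, 192.168/16, 0.0.0.0, multicast
            if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isSiteLocalAddress()
                    || a.isAnyLocalAddress() || a.isMulticastAddress()) {
                return false;
            }
            // IPv6 unique-local (fc00::/7) is not reported by isSiteLocalAddress, so test the first byte
            byte[] raw = a.getAddress();
            if (raw.length == 16 && (raw[0] & 0xfe) == 0xfc) {
                return false;
            }
        }
        return true;
    }
}
```

This resolves the host once; the HTTP client may resolve it again later (DNS rebinding) or follow a redirect to an internal address, so the check belongs as close to the outbound request as possible, with redirects disabled and a host allowlist where the deployment permits one. It also does not replace the missing permission annotation on the endpoint, which is the other half of the flaw described above.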

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE: mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 5

News mentions: 0 (no linked articles in our index yet)