VYPR

CVE-2026-10241
Medium severity, score 6.3 · NVD Advisory · Published Jun 1, 2026

Description

JeecgBoot <=3.9.1 contains an SSRF vulnerability in the /airag/app/debug endpoint allowing an authenticated attacker to probe internal networks or cloud metadata endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A server-side request forgery (SSRF) vulnerability exists in JeecgBoot versions up to and including 3.9.1. The bug resides in the /airag/app/debug endpoint, where the AiragChatServiceImpl.ensureLocalFile() method calls FileDownloadUtils.download2DiskFromNet() to fetch files from URLs supplied via the files parameter in the POST request body. The application fails to validate the host or IP address of the provided URLs, allowing an attacker to force the server to make outbound HTTP requests to arbitrary internal or cloud metadata endpoints. Even if an extension whitelist is in place, it can be bypassed by appending a permitted extension such as .pdf to the URL path [1][2].

Exploitation

To exploit the vulnerability, an attacker must first authenticate as a registered user to obtain a valid JWT, which JeecgBoot expects in the X-Access-Token request header. The attacker then sends a POST request to /airag/app/debug with a JSON body containing a files array that includes a URL targeting an internal resource (e.g., http://169.254.169.254/latest/meta-data/). To bypass an extension whitelist, a permitted extension such as .pdf is appended to the URL path; the check looks only at the suffix, so the host is never examined. The server processes the URL and initiates a download from the attacker-specified address, triggering the SSRF [2]. The cited references describe the outbound fetch; whether the downloaded body is echoed back to the caller determines how much beyond reachability (response timing, error messages) can be learned from a single probe.
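The two sides of the request above, as an added example that is not JeecgBoot's own code and not taken from the cited references: the body shape the PoC sends, the suffix-only check that the `.pdf` trick walks past, and the host-level check the vulnerable path lacks, which refuses literal metadata addresses, IPv4-mapped IPv6 forms, userinfo tricks and names that resolve into private or link-local space. The extension list, the `files`-only body, the hostnames and the name-to-address table are constructed assumptions so that it runs offline.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Assumed extension whitelist; JeecgBoot's real list is not reproduced on this page.
ALLOWED_EXT = (".txt", ".md", ".pdf", ".doc", ".docx", ".xls", ".xlsx")

# Constructed name-to-address table so the example runs without DNS (not real records).
CONSTRUCTED_DNS = {
    "files.example.com": ["93.184.216.34"],
    "intranet.corp": ["10.20.30.40"],
    "metadata.google.internal": ["169.254.169.254"],
    "localhost": ["127.0.0.1"],
}


def constructed_resolve(host):
    """Stand-in resolver; fails the way getaddrinfo does for unknown names."""
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver: unknown host {host!r}")


def system_resolve(host):
    """Real resolver for use outside the demo: every A/AAAA answer gets checked."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def build_debug_payload(urls):
    """Body of the PoC POST to /airag/app/debug: a JSON object whose `files`
    array carries attacker-chosen URLs. Any other fields the endpoint expects
    are not shown on the page and are left out (assumption)."""
    return json.dumps({"files": list(urls)})


def extension_allowed(url):
    """The suffix check the page says can be bypassed: it looks only at the
    URL path, so http://169.254.169.254/latest/meta-data/.pdf passes."""
    return urlsplit(url).path.lower().endswith(ALLOWED_EXT)


def target_allowed(url, resolve=system_resolve):
    """Host-level check missing from the vulnerable path: http(s) only, and
    every address the host maps to must be globally routable. Literal IPs,
    ::ffff:a.b.c.d forms, user@host tricks and names resolving to RFC 1918,
    loopback or link-local space (169.254.0.0/16 holds the IMDS) are refused."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:  # not a literal IP: resolve and judge every answer
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
        except (socket.gaierror, ValueError):
            return False
    for addr in addrs:
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped  # judge ::ffff:169.254.169.254 by the embedded IPv4
        if not addr.is_global:
            return False
    return bool(addrs)


def classify(url, resolve=system_resolve):
    """Both checks side by side for one entry of the `files` array."""
    return {
        "extension_ok": extension_allowed(url),
        "target_ok": target_allowed(url, resolve),
    }


if __name__ == "__main__":
    probes = [
        "http://169.254.169.254/latest/meta-data/.pdf",             # AWS IMDS, suffix bypass
        "http://metadata.google.internal/computeMetadata/v1/.pdf",  # GCP, via a resolving name
        "http://[::ffff:169.254.169.254]/.pdf",                     # IPv4-mapped IPv6 form
        "http://files.example.com@169.254.169.254/.pdf",            # userinfo decoy
        "http://intranet.corp/share/report.pdf",                    # RFC 1918 host
        "http://files.example.com/report.pdf",                      # the only legitimate one
    ]
    print(build_debug_payload(probes))
    for u in probes:
        print(u, classify(u, constructed_resolve))
```

`target_allowed` judges the addresses a name resolves to, not the literal, which is what a suffix check never sees. It does not by itself defeat DNS rebinding: a production fix must also connect to the address it validated (pin the resolved IP or re-check on redirect) rather than resolve a second time inside the HTTP client.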

Impact

A successful SSRF attack allows the attacker to probe internal network services, access cloud instance metadata endpoints (e.g., AWS, GCP, Azure), and potentially retrieve sensitive information from internal systems. The compromise is limited to information disclosure and network reconnaissance, with the attacker operating in the server's network context. No direct remote code execution is described in the references [1][2].

Mitigation

JeecgBoot version 3.9.2, released concurrently with the disclosure, fixes the SSRF vulnerability. Users are strongly advised to upgrade to version 3.9.2 or later. No other workarounds or mitigations are documented in the references [1][2]. Until the upgrade is applied, the generic SSRF controls still reduce exposure: restrict which accounts can reach /airag/app/debug, block egress from the application host to link-local and RFC 1918 ranges it has no business fetching from, and on AWS require IMDSv2, whose PUT-then-GET token handshake a plain download of a URL cannot perform. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1][2].

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1 (JeecgBoot <= 3.9.1)

Patches: 2

f8791bb8853f

Close InputStream in parse

Repository: https://github.com/jeecgboot/jeecgboot · Author: tejasae-afk · Apr 13, 2026 · Fixed in 3.9.2 · via llm-release-walk
1 file changed · +18 −17
  • jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/llm/document/TikaDocumentParser.java (+18 −17, modified)
    @@ -73,24 +73,25 @@ public Document parse(File file) {
             AssertUtils.assertNotEmpty("请选择文件", file);
             try {
                 // 用于解析(使用FileInputStream避免file.toPath()在Linux非UTF-8环境下中文文件名报错)
    -            InputStream isForParsing = new FileInputStream(file);
    -            // 使用 Tika 自动检测 MIME 类型
    -            String fileName = file.getName().toLowerCase();
    -            //后缀
    -            String ext = FilenameUtils.getExtension(fileName);
    -            if (fileName.endsWith(".txt")
    -                    || fileName.endsWith(".md")
    -                    || fileName.endsWith(".pdf")) {
    -                return extractByTika(isForParsing);
    -            //update-begin---author:wangshuai---date:2026-01-09---for:【QQYUN-14261】【AI】AI助手,支持多模态能力- 文档---
    -            } else if (FILE_SUFFIX.contains(ext.toLowerCase())) {
    -                return parseDocExcelPdfUsingApachePoi(file);
    -            //update-end---author:wangshuai---date:2026-01-09---for:【QQYUN-14261】【AI】AI助手,支持多模态能力- 文档---
    -            } else {
    -                throw new IllegalArgumentException("不支持的文件格式: " + FilenameUtils.getExtension(fileName));
    +            try (InputStream isForParsing = new FileInputStream(file)) {
    +                // 使用 Tika 自动检测 MIME 类型
    +                String fileName = file.getName().toLowerCase();
    +                //后缀
    +                String ext = FilenameUtils.getExtension(fileName);
    +                if (fileName.endsWith(".txt")
    +                        || fileName.endsWith(".md")
    +                        || fileName.endsWith(".pdf")) {
    +                    return extractByTika(isForParsing);
    +                //update-begin---author:wangshuai---date:2026-01-09---for:【QQYUN-14261】【AI】AI助手,支持多模态能力- 文档---
    +                } else if (FILE_SUFFIX.contains(ext.toLowerCase())) {
    +                    return parseDocExcelPdfUsingApachePoi(file);
    +                //update-end---author:wangshuai---date:2026-01-09---for:【QQYUN-14261】【AI】AI助手,支持多模态能力- 文档---
    +                } else {
    +                    throw new IllegalArgumentException("不支持的文件格式: " + FilenameUtils.getExtension(fileName));
    +                }
    +                } catch (IOException e) {
    +                throw new RuntimeException(e);
                 }
    -        } catch (IOException e) {
    -            throw new RuntimeException(e);
             }
         }
     
    
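Review bot: as the hunk reads, the outer `try {` on the unchanged line above the removed `InputStream isForParsing` keeps its opening brace, but the only `catch (IOException e)` has moved inside it, directly after the `}` that closes the else branch, so the outer try ends at the unchanged `}` before the method's closing brace with no catch or finally, which javac rejects. Either drop the outer `try {` and that closing brace, or move `} catch (IOException e) { throw new RuntimeException(e); }` back out to the outer try. The added `} catch` line is also indented one level deeper than the `try (InputStream isForParsing = new FileInputStream(file)) {` it closes, which is what hides the mismatch on reading; `UncheckedIOException` would also be the idiomatic wrapper here rather than a bare `RuntimeException`. Note that the change only alters the lifetime of the FileInputStream and touches nothing on the `FileDownloadUtils.download2DiskFromNet` path the advisory names, so it should not be read as the SSRF fix.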
7df07a823fd5

Fix: flyway failed to execute the SQL script #9622

Repository: https://github.com/jeecgboot/jeecgboot · Author: JEECG · May 11, 2026 · Fixed in 3.9.2 · via release-tag
1 file changed · +96 −24
  • jeecg-boot/db/jeecgboot-mysql-5.7.sql (+96 −24, modified)

Vulnerability mechanics

Root cause

"The server does not validate or restrict the URLs passed to FileDownloadUtils.download2DiskFromNet, enabling server-side request forgery to internal endpoints."

Attack vector

An attacker with low-privilege remote access sends a crafted URL to the `download2DiskFromNet` function, which the server fetches without validating the destination [CWE-918]. This allows the attacker to target internal cloud metadata endpoints (e.g., 169.254.169.254) or other internal services. The attack requires no user interaction and is performed over the network.

Affected code

The vulnerable call is `FileDownloadUtils.download2DiskFromNet`, reached from the `/airag/app/debug` endpoint through `AiragChatServiceImpl.ensureLocalFile()` in the airag module. The endpoint is a request path, not a source file, and the cloud instance metadata endpoint is a target the attacker chooses, not a component of JeecgBoot. Versions up to and including 3.9.1 hand the caller-supplied URL to the download routine without host validation, allowing SSRF.

What the fix does

The advisory states that upgrading to version 3.9.2 mitigates the issue. Neither patch listed above modifies the vulnerable `FileDownloadUtils.download2DiskFromNet` function or its `ensureLocalFile()` caller: f8791bb8853f (patch_id=4195809) only wraps the FileInputStream in `TikaDocumentParser.java` in try-with-resources to fix a resource leak, and 7df07a823fd5 changes the MySQL 5.7 schema script. The actual SSRF fix is not shown in the bundle, so the exact remediation in the download function is unspecified; anyone verifying the upgrade should diff that function between 3.9.1 and 3.9.2 rather than rely on these two commits.

Preconditions

  • auth: The attacker must have a low-privilege account on the JeecgBoot instance.
  • network: The vulnerable endpoint `/airag/app/debug` must be exposed to the network.
  • input: The attacker must be able to supply a URL that reaches the `download2DiskFromNet` function.

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6

News mentions: 0