VYPR
Medium severity6.3NVD Advisory· Published Feb 20, 2026· Updated Apr 29, 2026

CVE-2026-2822

CVE-2026-2822

Description

A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Affected products

2
  • Jeecg/Jeecgboot2 versions
    cpe:2.3:a:jeecg:jeecg_boot:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:jeecg:jeecg_boot:*:*:*:*:*:*:*:*range: <=3.9.1
    • (no CPE)range: <=3.9.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.