Medium severity6.3NVD Advisory· Published Mar 7, 2026· Updated Apr 29, 2026
CVE-2026-3672
CVE-2026-3672
Description
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.