High severity7.3NVD Advisory· Published Apr 6, 2026· Updated Apr 27, 2026

CVE-2026-5616

Description

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to missing authentication. The attack can be executed remotely. The name of the patch is b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39/2c1cc88b8d983868df8c520a343d6ff4369d9e59. It is best practice to apply a patch to resolve this issue. The project fixed the issue with a commit which shall be part of the next official release.

Affected products

Jeecgboot/Jeecgbootreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jeecgboot/JeecgBoot/commit/b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39nvd
github.com/jeecgboot/JeecgBoot/issues/9464nvd
github.com/jeecgboot/JeecgBoot/pull/9463nvd
vuldb.com/submit/785570nvd
vuldb.com/vuln/355407nvd
vuldb.com/vuln/355407/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000