Medium severity6.3NVD Advisory· Published Apr 10, 2026· Updated Apr 29, 2026

CVE-2026-5999

Description

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

Affected products

Jeecgboot/Jeecgbootreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jeecgboot/JeecgBoot/issues/9508nvd
github.com/jeecgboot/JeecgBoot/issues/9508nvd
vuldb.com/submit/793656nvd
vuldb.com/vuln/356553nvd
vuldb.com/vuln/356553/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000