Medium severity6.3NVD Advisory· Published May 2, 2026· Updated May 5, 2026

CVE-2026-7603

Description

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The affected component should be upgraded. The vendor confirmed the issue and will provide a fix in the upcoming release.

Affected products

Jeecgboot/Jeecgbootreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jeecgboot/JeecgBoot/issues/9553nvd
github.com/jeecgboot/JeecgBoot/issues/9553nvd
vuldb.com/submit/805707nvd
vuldb.com/vuln/360560nvd
vuldb.com/vuln/360560/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000