Medium severity6.3NVD Advisory· Published May 2, 2026· Updated May 5, 2026

CVE-2026-7604

Description

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.

Affected products

Jeecgboot/Jeecgbootreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jeecgboot/JeecgBoot/issues/9554nvd
github.com/jeecgboot/JeecgBoot/issues/9554nvd
vuldb.com/submit/805708nvd
vuldb.com/vuln/360561nvd
vuldb.com/vuln/360561/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000