VYPR
Medium severity6.3NVD Advisory· Published May 2, 2026· Updated May 5, 2026

CVE-2026-7605

CVE-2026-7605

Description

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component uploadImgByHttpEndpoint. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Upgrading the affected component is recommended. The vendor confirmed the issue and will provide a fix in the upcoming release.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jeecg/Jeecgbootreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=3.9.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.