CVE-2026-5999

medium

Description

A vulnerability has been found in JeecgBoot up to 3.9.1. It affects an unknown function of the component SysAnnouncementController. Manipulation of this function leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

References

https://vuldb.com/vuln/356553/cti

https://vuldb.com/vuln/356553

https://vuldb.com/submit/793656

https://github.com/jeecgboot/JeecgBoot/issues/9508#issuecomment-4199090102

https://github.com/jeecgboot/JeecgBoot/issues/9508

https://github.com/jeecgboot/JeecgBoot/

Details

Source: Mitre, NVD

Published: 2026-04-10

Updated: 2026-04-10

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium