CVE-2026-5616

EPSS 0.41%
Veröffentlicht 06.04.2026 03:15:14
Zuletzt bearbeitet 27.04.2026 19:04:22
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to missing authentication. The attack can be executed remotely. The name of the patch is b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39/2c1cc88b8d983868df8c520a343d6ff4369d9e59. It is best practice to apply a patch to resolve this issue. The project fixed the issue with a commit which shall be part of the next official release.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 10

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt JeecgBoot

Version 3.9.0

Status affected

Version 3.9.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.325

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/jeecgboot/JeecgBoot/

https://vuldb.com/vuln/355407

https://vuldb.com/vuln/355407/cti

https://vuldb.com/submit/785570

https://github.com/jeecgboot/JeecgBoot/issues/9464

https://github.com/jeecgboot/JeecgBoot/pull/9463

https://github.com/jeecgboot/JeecgBoot/commit/b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39

https://nvd.nist.gov/vuln/detail/CVE-2026-5616

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5616

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5616

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5616