CVE-2026-9580
7.3 HIGH
A vulnerability was determined in JeecgBoot up to 3.9.1
Published: 2026-05-26 · Last updated: 2026-05-27
Severity and scoring
- CVSS: 7.3 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-266, CWE-284
Description
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.9.2 is sufficient to fix this issue. It is suggested to upgrade the affected component.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-9580
- [Other] https://github.com/jeecgboot/JeecgBoot/
- [Other] https://github.com/jeecgboot/JeecgBoot/issues/9597
- [Other] https://github.com/jeecgboot/JeecgBoot/issues/9597#issuecomment-4385501959
- [Other] https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2
- [Other] https://vuldb.com/submit/817892
- [Other] https://vuldb.com/vuln/365636
- [Other] https://vuldb.com/vuln/365636/cti
Related CVEs
Same CWE
- CVE-2026-53862 — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with... (4.2 MEDIUM)
- CVE-2026-53847 — OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators wit... (5.4 MEDIUM)
- CVE-2026-49780 — Customer Privilege Escalation in Dokan <= 5.0.2 versions (8.8 HIGH)
- CVE-2026-49083 — Contributor Privilege Escalation in LatePoint <= 5.5.1 versions (7.5 HIGH)
- CVE-2026-49063 — Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions (7.3 HIGH)