CVE-2026-10240

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. A fix is planned for the upcoming release.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-918

Source

NVD

Product

JeecgBoot

External References

https://github.com/jeecgboot/JeecgBoot/
https://github.com/jeecgboot/JeecgBoot/issues/9609
https://vuldb.com/cve/CVE-2026-10240
https://vuldb.com/submit/823267
https://vuldb.com/vuln/367518
https://vuldb.com/vuln/367518/cti

CVE-2026-10240

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment