CVE-2026-10241

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.9.2 mitigates this issue. It is suggested to upgrade the affected component.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-918

Source

NVD

Vendor

jeecgboot

Product

The server processes these URLs

External References

https://github.com/jeecgboot/JeecgBoot/issues/9611
https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2
https://vuldb.com/cve/CVE-2026-10241
https://vuldb.com/submit/823268
https://vuldb.com/vuln/367519
https://vuldb.com/vuln/367519/cti

CVE-2026-10241

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment