CVE-2026-2555 | JeecgBoot 3.9.1 Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization (Issue 9335)

A vulnerability described as critical has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization.

This vulnerability is tracked as CVE-2026-2555. The attack can be launched remotely. No exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More