CVE-2026-7603 | JeecgBoot up to 3.9.1 LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch files server-side request forgery (Issue 9553)

A vulnerability has been found in JeecgBoot up to 3.9.1 and classified as critical. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery.

The identification of this vulnerability is CVE-2026-7603. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The affected component should be upgraded.

The vendor confirmed the issue and will provide a fix in the upcoming release.VulDB Recent EntriesRead More