CVE-2026-7604 | JeecgBoot up to 3.9.1 OpenApi Service OpenApiController.java OpenApiController.add/OpenApiController.call originUrl database server-side request forgery (Issue 9554)


A vulnerability classified as critical was found in JeecgBoot up to 3.9.1. It affects the function OpenApiController.add/OpenApiController.call in the file OpenApiController.java of the component OpenApi Service. Manipulation of the argument originUrl database leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-7604. It is possible to launch the attack remotely. Furthermore, an exploit is available.

It is suggested to upgrade the affected component.

The vendor confirmed the issue and will provide a fix in the upcoming release.