CVE-2026-7605 | JeecgBoot up to 3.9.1 uploadImgByHttpEndpoint CommonController.java server-side request forgery (Issue 9555)
A vulnerability was found in JeecgBoot up to 3.9.1. It has been classified as critical. It affects the function chain CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData in the file CommonController.java of the component uploadImgByHttpEndpoint. Manipulation of this functionality results in server-side request forgery.
This vulnerability is identified as CVE-2026-7605. The attack can be initiated remotely. Additionally, an exploit exists.
Upgrading the affected component is recommended.
The vendor confirmed the issue and will provide a fix in the upcoming release.
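Until the fixed release is deployed, a destination check in front of any fetch-image-by-URL feature limits what a server-side request can reach. The following is an added example, not JeecgBoot code and not the vendor's fix; the class `RemoteImageUrlGuard` and its method names are hypothetical, and it assumes the feature fetches a caller-supplied URL.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
// Added example (hypothetical class, not JeecgBoot code): vet a caller-supplied image URL before fetching it.
final class RemoteImageUrlGuard {
    // Returns an address that passed the checks, or throws if the URL must not be fetched.
    public static InetAddress vet(String rawUrl) throws UnknownHostException {
        URI uri = URI.create(rawUrl).normalize();
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new IllegalArgumentException("scheme not allowed");
        }
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        // Check every address the name resolves to; a single internal record rejects the URL.
        InetAddress[] all = InetAddress.getAllByName(host);
        for (InetAddress a : all) {
            if (isInternal(a)) {
                throw new IllegalArgumentException("destination is internal: " + a.getHostAddress());
            }
        }
        return all[0];
    }

    static boolean isInternal(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true; // 0.0.0.0, 127/8, 169.254/16, 10/8, 172.16/12, 192.168/16 and IPv6 equivalents
        }
        byte[] b = a.getAddress();
        if (b.length == 4) {
            int b0 = b[0] & 0xff, b1 = b[1] & 0xff;
            return b0 == 0 || (b0 == 100 && (b1 & 0xc0) == 64); // 0.0.0.0/8 and 100.64.0.0/10
        }
        return (b[0] & 0xfe) == 0xfc; // IPv6 unique local fc00::/7
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; IP literals need no DNS. 203.0.113.10 is a documentation address.
        String[] samples = {"http://127.0.0.1:8080/a.png", "http://169.254.169.254/x.png",
                "file:///tmp/a.png", "https://10.0.0.5/x.jpg", "http://203.0.113.10/logo.png"};
        for (String s : samples) {
            try { System.out.println("ALLOW " + s + " -> " + vet(s).getHostAddress()); }
            catch (IllegalArgumentException e) { System.out.println("DENY  " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

The fetch should connect to the address that was vetted rather than resolving the name a second time, and automatic redirects should be disabled so that each hop goes through the same check.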