CVE-2026-8114 | JeecgBoot up to 3.9.1 JSON Object /sys/dict/loadTreeData condition sql injection (Issue 9571)

A vulnerability, which was classified as critical, has been found in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection.

This vulnerability is documented as CVE-2026-8114. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor confirms (translated from Chinese): “It should have been fixed; a batch of issues were recently resolved.”VulDB Recent EntriesRead More