CVE-2026-10239 | JeecgBoot up to 3.9.2 /airag/word/edit WordUtil.addImage server-side request forgery (Issue 9610)

A vulnerability, which was classified as critical, was found in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery.

This vulnerability is handled as CVE-2026-10239. The attack can be executed remotely. Additionally, an exploit exists.

A fix is planned for the upcoming release.VulDB Recent EntriesRead More