CVE-2026-9579 | JeecgBoot up to 3.9.1 SysUser userEdit user.getUsername userIdentity access control (Issue 9596)

A vulnerability labeled as critical has been found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls.

This vulnerability is cataloged as CVE-2026-9579. The attack may be launched remotely. Furthermore, there is an exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More