CVE-2026-10240 | JeecgBoot up to 3.9.2 /airag/airagModel/test baseUrl server-side request forgery (Issue 9609)

A vulnerability has been found in JeecgBoot up to 3.9.2 and classified as critical. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-10240. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A fix is planned for the upcoming release.VulDB Recent EntriesRead More