CVE-2026-9373
JeecgBoot OpenAPI Endpoint call improper authentication
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
24 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
Productos afectados
n/a · JeecgBoot