Description
A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in JeecgBoot 3.9.1 allows an attacker to manipulate the /openapi/call/ endpoint, resulting in improper authentication. It is a CWE-287 flaw that can be triggered remotely through crafted requests. The description notes a high complexity level and a difficult exploitability rating.

Affected Systems

The affected product is JeecgBoot 3.9.1 from the vendor JeecgBoot. No other versions are identified as affected; the vulnerability specifically targets the OpenAPI Endpoint component.

Risk and Exploitability

The CVSS score of 6.3 reflects a medium‑to‑high severity, while the EPSS score is not available and the vulnerability is not listed in CISA KEV. The attack requires network access to the web interface and is performed remotely by sending specially crafted requests to the /openapi/call/ endpoint. The vendor has not provided a fix at the time of this advisory.

Generated by OpenCVE AI on May 24, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Limit access to the /openapi/call/ endpoint so that only trusted IP addresses or networks can reach it.
  • Enable proper authentication checks on all incoming requests to the OpenAPI endpoint, ensuring that only legitimate credentials or tokens are accepted before any processing occurs.
  • Monitor and log all activity on the /openapi/call/ endpoint, applying rate limiting or automated blocking for suspicious or anomalous traffic patterns.

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 25 May 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Jeecg, Jeecg jeecgboot |
| Vendors & Products | | Jeecg, Jeecg jeecgboot |

Sun, 24 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | JeecgBoot OpenAPI Endpoint call improper authentication |
| First Time appeared | | Jeecgboot, Jeecgboot jeecgboot |
| Weaknesses | | CWE-287 |
| CPEs | | cpe:2.3:a:jeecgboot:jeecgboot:*:*:*:*:*:*:*:* |
| Vendors & Products | | Jeecgboot, Jeecgboot jeecgboot |
| References | | |
| Metrics | | cvssV2_0 {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:UR'} |
| | | cvssV3_0 {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R'} |
| | | cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R'} |
| | | cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T13:29:46.974Z

Reserved: 2026-05-23T14:12:51.249Z

Link: CVE-2026-9373

Vulnrichment

Updated: 2026-05-26T13:29:43.164Z

NVD

Status: Deferred

Published: 2026-05-24T11:16:34.167

Modified: 2026-05-26T19:37:00.120

Link: CVE-2026-9373

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T11:30:23Z

Weaknesses