Deserialization Vulnerability in JeecgBoot 3.9.1 from Jeecg
CVE-2026-2555

2.3LOW

Key Information:

Vendor

Jeecg

Status
Jeecgboot
Vendor
CVE Published:
16 February 2026

What is CVE-2026-2555?

A security issue has been identified in JeecgBoot version 3.9.1, specifically in the importDocumentFromZip function located in the AiragKnowledgeController.java component. This vulnerability could allow remote attackers to execute complex manipulation techniques, resulting in deserialization risks. Although the exploitability is noted to be challenging, it remains a matter of concern that the maintainers have yet to respond effectively to the reported issue.

Affected Version(s)

JeecgBoot 3.9.1

References

https://vuldb.com/?id.346163
vdb-entrytechnical-description
https://vuldb.com/?ctiid.346163
signaturepermissions-required
https://vuldb.com/?submit.750232
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

chuan001 (VulDB User)
.