Missing Authentication in JeecgBoot AI Chat Module
CVE-2026-5616

6.9MEDIUM

Key Information:

Vendor

Jeecg

Status
Jeecgboot
Vendor
CVE Published:
6 April 2026

What is CVE-2026-5616?

A missing authentication vulnerability has been identified in the AI Chat Module of JeecgBoot versions 3.9.0 and 3.9.1. This flaw allows for unauthorized remote access due to improper access controls within the JeecgBizToolsProvider.java file. To mitigate the risk, it is essential for users to apply the available patch identified by the commit b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39, which addresses the issue effectively and will be part of the next official release.

Affected Version(s)

JeecgBoot 3.9.0

JeecgBoot 3.9.1

References

https://vuldb.com/vuln/355407
vdb-entry
https://vuldb.com/vuln/355407/cti
signaturepermissions-required
https://vuldb.com/submit/785570
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anch0r (VulDB User)
VulDB CNA Team
.