Remote Code Injection Vulnerability in jeecgboot JimuReport by jeecgboot
CVE-2026-5848

5.1MEDIUM

Key Information:

Vendor: Jeecgboot
Status: Jimureport
Vendor: CVE Published:; 9 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5848?

A code injection vulnerability has been identified in the jeecgboot JimuReport component, specifically in the function DriverManager.getConnection located in the /drag/onlDragDataSource/testConnection file. By manipulating the dbUrl argument, an attacker can execute arbitrary code, potentially leading to unauthorized access or system compromise. This vulnerability can be exploited remotely, making it particularly concerning for users of versions up to 2.3.0. The vendor has acknowledged the issue and is expected to release a patch in the near future to mitigate this risk.

Affected Version(s)

JimuReport 2.0

JimuReport 2.1

JimuReport 2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5848 - Proof of Concept

References

https://vuldb.com/vuln/356374

vdb-entrytechnical-description

https://vuldb.com/vuln/356374/cti

signaturepermissions-required

https://vuldb.com/submit/790769

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 9, 2026
👾
Exploit known to exist
Apr 9, 2026
Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

anch0r (VulDB User)

VulDB CNA Team

CVE-2026-5848 Data

JSON

Jeecgboot