SQL Injection Vulnerability in JeecgBoot Software
CVE-2026-8114
What is CVE-2026-8114?
A SQL injection vulnerability has been discovered in JeecgBoot, affecting versions up to 3.9.1. The flaw is in the handling of /sys/dict/loadTreeData within the JSON Object Handler, where attackers can manipulate input conditions. The attack can be carried out remotely and an exploit is publicly available, which can lead to database access and unauthorized data modification. The vendor has indicated that the issue should have been addressed in recent updates, which makes applying the latest patches important.
Affected Version(s)
JeecgBoot 3.9.0
JeecgBoot 3.9.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
CVSS V4
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
