Improper Authentication in JeecgBoot 3.9.1 OpenAPI Endpoint
CVE-2026-9373

6.3 MEDIUM

Key Information:

Vendor

Jeecg

Status
Vendor
CVE Published: 24 May 2026

What is CVE-2026-9373?

An improper authentication vulnerability has been identified in JeecgBoot 3.9.1, affecting the OpenAPI endpoint at /openapi/call/. It allows remote attackers to manipulate the authentication process, potentially leading to unauthorized access. Exploitation complexity is considered high, which makes attacks difficult but still feasible. The vendor was contacted early about this issue but did not respond.

Affected Version(s)

JeecgBoot 3.9.1

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

feng123123 (VulDB User)
VulDB CNA Team