CVE-2024-40489

9.8 CRITICAL
Published: April 01, 2026 Modified: April 06, 2026
View on NVD

Description

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0
Source: cve@mitre.org
Third Party Advisory
https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp
Source: cve@mitre.org
Permissions Required

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
1.0%
77th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

jeecg

Related CVEs

CVE-2026-34626 6.3
CVE-2026-34622 8.6
CVE-2026-27291 7.8
CVE-2026-27286 5.5
CVE-2026-27285 5.5