CVE-2026-10239

EUVD-2026-33601
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. A fix is planned for the upcoming release.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Common Weakness Enumeration
References
https://github.com/jeecgboot/JeecgBoot/
https://github.com/jeecgboot/JeecgBoot/issues/9610
https://vuldb.com/cve/CVE-2026-10239
https://vuldb.com/submit/823266
https://vuldb.com/vuln/367517
https://vuldb.com/vuln/367517/cti