CVE-2026-2555

EUVD-2026-6091

16.02.2026, 12:16

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The attack can be launched remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The project was informed of the problem early through an issue report but has not responded yet.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	5 MEDIUM				CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
jeecg	jeecg_boot	3.9.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://github.com/jeecgboot/JeecgBoot/

https://github.com/jeecgboot/JeecgBoot/issues/9335

https://vuldb.com/?ctiid.346163

https://vuldb.com/?id.346163

https://vuldb.com/?submit.750232

https://github.com/jeecgboot/JeecgBoot/issues/9335