CVE-2026-3404

EUVD-2026-9137

02.03.2026, 02:16

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
jeesite	jeesite	𝑥 ≤ 5.15.1

𝑥

= Vulnerable software versions

Known Exploits!

https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc

Common Weakness Enumeration

References

https://vuldb.com/?ctiid.348299

https://vuldb.com/?id.348299

https://vuldb.com/?submit.763732

https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc