CVE-2026-9579 MEDIUM

CVE-2026-9579: JeecgBoot SysUser userEdit user.getUsername access control

Vendor N/A
Product JeecgBoot
Weakness CWE-284
Published May 26, 2026
Last update May 27, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.9.2 is recommended to address this issue. The affected component should be upgraded.

Key dates

02Disclosure timeline

May 26, 2026 CVE published
May 27, 2026 Record updated