CVE-2026-11464: Information Disclosure in JeecgBoot
CVE-2026-11464 is an information disclosure vulnerability in JeecgBoot versions up to 3.9.2. It affects the queryPageList function in the User List Endpoint component, where manipulation of the salt argument can lead to unauthorized information disclosure. The vulnerability can be exploited remotely but requires high attack complexity, making exploitation difficult. A fix is planned for a future release but is not yet available. The CVSS score is low (2.3), reflecting limited impact and difficulty of exploitation.
AI Analysis
Technical Summary
This vulnerability exists in JeecgBoot up to version 3.9.2 within the queryPageList function of the SysUserController.java file. By manipulating the salt argument, an attacker may cause information disclosure through the User List Endpoint. The attack can be performed remotely but requires high complexity and low privileges, with no user interaction needed. Although an exploit is publicly available, the overall risk is low due to the difficulty of exploitation and limited impact. No official patch or remediation is currently available, but a fix is planned for an upcoming release.
Potential Impact
The vulnerability allows remote attackers to disclose information by manipulating a function argument. However, the attack complexity is high and the impact is limited, resulting in a low severity rating (CVSS 2.3). There are no known exploits in the wild at this time.
Mitigation Recommendations
No official fix or patch is currently available. A fix is planned for a future release of JeecgBoot. Until then, users should monitor vendor advisories for updates and consider restricting access to the affected endpoint if possible to reduce exposure.
CVSS v4.0
Score: 2.3 (low)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-07T08:57:38.374Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a25f544e29bf47b504a9377
Added to database: 6/7/2026, 10:48:36 PM
Last enriched: 6/7/2026, 11:03:28 PM
Last updated: 6/8/2026, 12:03:06 AM