CVE-2026-3672: SQL Injection in JeecgBoot
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2026-3672 identifies a SQL injection vulnerability in the JeecgBoot framework, versions 3.9.0 and 3.9.1. The issue resides in the isExistSqlInjectKeyword function of the /jeecg-boot/sys/api/getDictItems API endpoint. This function is intended to detect and prevent SQL injection attempts but is flawed, allowing attackers to bypass input validation and inject malicious SQL code. The vulnerability can be exploited remotely without requiring user interaction or elevated privileges, making it accessible to low-privileged attackers. Successful exploitation could enable attackers to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data disclosure, data manipulation, or denial of service. The CVSS v4.0 base score is 5.3, reflecting medium severity due to the limited scope of impact and the requirement of some privileges. No patches or official fixes have been linked yet, and no known exploits are reported in the wild, but public disclosure increases the risk of future attacks.
Potential Impact
The vulnerability poses a significant risk to organizations using JeecgBoot, especially those relying on the affected versions (3.9.0 and 3.9.1). Exploitation could lead to unauthorized access to sensitive data, data corruption, or disruption of services, impacting confidentiality, integrity, and availability. Given that JeecgBoot is a rapid development platform often used in enterprise applications, the compromise of backend databases could expose critical business information or customer data. The ease of remote exploitation without user interaction or high privileges increases the threat surface. Organizations with internet-facing JeecgBoot deployments are particularly at risk. Although no active exploits are known, the public disclosure may prompt attackers to develop exploit code, increasing the likelihood of attacks in the near future.
Mitigation Recommendations
Organizations should immediately assess their use of JeecgBoot versions 3.9.0 and 3.9.1 and plan to upgrade to a patched version once available. In the interim, implement strict input validation and sanitization on all user-supplied data, especially for the /jeecg-boot/sys/api/getDictItems endpoint. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting this endpoint. Restrict access to the vulnerable API endpoint to trusted networks or authenticated users where possible. Conduct thorough code reviews and penetration testing focusing on SQL injection vectors in the affected modules. Monitor logs for unusual database query patterns or errors indicative of injection attempts. Finally, maintain an incident response plan to quickly address any signs of exploitation.
Affected Countries
China, United States, India, Germany, Brazil, Russia, South Korea, Japan, United Kingdom, France
CVE-2026-3672: SQL Injection in JeecgBoot
Description
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2026-3672 identifies a SQL injection vulnerability in the JeecgBoot framework, versions 3.9.0 and 3.9.1. The issue resides in the isExistSqlInjectKeyword function of the /jeecg-boot/sys/api/getDictItems API endpoint. This function is intended to detect and prevent SQL injection attempts but is flawed, allowing attackers to bypass input validation and inject malicious SQL code. The vulnerability can be exploited remotely without requiring user interaction or elevated privileges, making it accessible to low-privileged attackers. Successful exploitation could enable attackers to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data disclosure, data manipulation, or denial of service. The CVSS v4.0 base score is 5.3, reflecting medium severity due to the limited scope of impact and the requirement of some privileges. No patches or official fixes have been linked yet, and no known exploits are reported in the wild, but public disclosure increases the risk of future attacks.
Potential Impact
The vulnerability poses a significant risk to organizations using JeecgBoot, especially those relying on the affected versions (3.9.0 and 3.9.1). Exploitation could lead to unauthorized access to sensitive data, data corruption, or disruption of services, impacting confidentiality, integrity, and availability. Given that JeecgBoot is a rapid development platform often used in enterprise applications, the compromise of backend databases could expose critical business information or customer data. The ease of remote exploitation without user interaction or high privileges increases the threat surface. Organizations with internet-facing JeecgBoot deployments are particularly at risk. Although no active exploits are known, the public disclosure may prompt attackers to develop exploit code, increasing the likelihood of attacks in the near future.
Mitigation Recommendations
Organizations should immediately assess their use of JeecgBoot versions 3.9.0 and 3.9.1 and plan to upgrade to a patched version once available. In the interim, implement strict input validation and sanitization on all user-supplied data, especially for the /jeecg-boot/sys/api/getDictItems endpoint. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting this endpoint. Restrict access to the vulnerable API endpoint to trusted networks or authenticated users where possible. Conduct thorough code reviews and penetration testing focusing on SQL injection vectors in the affected modules. Monitor logs for unusual database query patterns or errors indicative of injection attempts. Finally, maintain an incident response plan to quickly address any signs of exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-06T20:58:48.694Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ac9ca0c48b3f10ffcff626
Added to database: 3/7/2026, 9:46:08 PM
Last enriched: 3/7/2026, 10:00:31 PM
Last updated: 3/8/2026, 2:05:33 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.