CVE-2026-5999: Improper Authorization in JeecgBoot
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.
AI Analysis
Technical Summary
This vulnerability affects JeecgBoot up to version 3.9.1 and involves improper authorization in an unknown function within the SysAnnouncementController component. The flaw allows remote attackers to perform unauthorized actions due to insufficient access control. The vulnerability has been publicly disclosed, and the vendor has acknowledged it, committing to a fix in an upcoming release. The CVSS 4.0 base score is 5.3, reflecting a medium severity with network attack vector, low complexity, no user interaction, and limited impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation could allow remote attackers with low privileges to bypass authorization restrictions in the affected component, potentially leading to unauthorized access or actions within the application. The exact impact is unspecified, but the medium CVSS score indicates partial compromise of confidentiality, integrity, or availability.
Mitigation Recommendations
No official patch or fix is currently available. The vendor has confirmed the vulnerability and plans to provide a fix in a future release. Users should monitor vendor communications for the release of the update and apply it promptly once available. Until then, consider restricting access to the affected component if possible and apply compensating controls to limit exposure.
CVE-2026-5999: Improper Authorization in JeecgBoot
Description
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects JeecgBoot up to version 3.9.1 and involves improper authorization in an unknown function within the SysAnnouncementController component. The flaw allows remote attackers to perform unauthorized actions due to insufficient access control. The vulnerability has been publicly disclosed, and the vendor has acknowledged it, committing to a fix in an upcoming release. The CVSS 4.0 base score is 5.3, reflecting a medium severity with network attack vector, low complexity, no user interaction, and limited impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation could allow remote attackers with low privileges to bypass authorization restrictions in the affected component, potentially leading to unauthorized access or actions within the application. The exact impact is unspecified, but the medium CVSS score indicates partial compromise of confidentiality, integrity, or availability.
Mitigation Recommendations
No official patch or fix is currently available. The vendor has confirmed the vulnerability and plans to provide a fix in a future release. Users should monitor vendor communications for the release of the update and apply it promptly once available. Until then, consider restricting access to the affected component if possible and apply compensating controls to limit exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-09T13:03:06.047Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d862041cc7ad14da50d93b
Added to database: 4/10/2026, 2:35:48 AM
Last enriched: 4/17/2026, 12:21:07 PM
Last updated: 5/25/2026, 6:01:55 AM
Views: 81
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.