CVE-2026-9373

CVE Database · CVE-2026-9373

CVE-2026-9373

· LOWDeferred

CVSS v3.1

3.7

CVSS v4.0

6.3

EPSS

0.43%

Published

May 24, 2026

Modified

May 26, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-287

References (3)

https://vuldb.com/submit/813251

https://vuldb.com/vuln/365337

https://vuldb.com/vuln/365337/cti

KEV Catalog EPSS Scores Vendors All CVEs