CVE-2026-10240— JeecgBoot test server-side request forgery

CVSS 6.3 · Medium Updated Jun 01, 2026

Possible ATT&CK Techniques 2AI

T1598 · Phishing for Information T1190 · Exploit Public-Facing Application

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-10240

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

JeecgBoot test server-side request forgery

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. A fix is planned for the upcoming release.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

服务端请求伪造(SSRF)

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	JeecgBoot	3.9.0	`cpe:2.3:a:jeecgboot:jeecgboot::::::::`

II. Public POCs for CVE-2026-10240

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-10240

请登录查看更多情报信息。

Proof of Concept for CVE-2026-10240 (1)

🔗 [Security] SSRF in JeecgBoot airagModel endpoint · Issue #9609 · jeecgboot/JeecgBoot Read full article exploitissue-tracking

Vendor Pages for CVE-2026-10240 (1)

GitHub - jeecgboot/JeecgBoot: 【AI低代码平台】AI low-code platform empowers enterprises to quickly develop low-code solutions and build AI applications. 助力企业快速实现低代码开发和构建AI应用！ AI应用平台涵盖：AI应用、AI模型、AI聊天助手、知识库、AI流程编排、MCP和插件，聊天式业务操作等。强大代码生成器：实现前后端一键生成，无需手写代码! 显著提升效率节省成本，又不失灵活~product

https://nvd.nist.gov/vuln/detail/CVE-2026-10240

Same Patch Batch · n/a · 2026-06-01 · 15 CVEs total

CVE-2026-10239	6.3 MEDIUM	JeecgBoot edit WordUtil.addImage server-side request forgery
CVE-2026-10232	5.3 MEDIUM	Assimp ASE File scene.cpp ~aiNode use after free
CVE-2026-10231	5.3 MEDIUM	Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_value heap-based overflow
CVE-2026-10230	5.3 MEDIUM	Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_animations heap-based overflow
CVE-2026-10229	5.3 MEDIUM	Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow
CVE-2026-10233	3.3 LOW	Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence_infos out-of-bounds
CVE-2026-37221		FlexRIC v2.0.0 远程拒绝服务漏洞
CVE-2026-37220		FlexRIC v2.0.0 SCTP远程未授权拒绝服务漏洞
CVE-2025-60485		GPAC Project/MP4Box <26.02.0 DoS漏洞
CVE-2025-60486		MP4Box<26.02.0堆使用后释放导致DoS
CVE-2025-60495		GPAC <26.02.0分段错误导致DoS
CVE-2025-60481		MP4Box 26.02.0前空指针解引用致DoS
CVE-2025-60483		GPAC MP4Box 26.02.0前空指针解引用致DoS
CVE-2025-55664		GPAC MP4Box v2.4 堆缓冲区溢出导致DoS漏洞

IV. Related Vulnerabilities

Same product: JeecgBoot

Same vendor: n/a

Same weakness: CWE-918

V. Comments for CVE-2026-10240

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-10240— JeecgBoot test server-side request forgery

Possible ATT&CK Techniques 2AI

I. Basic Information for CVE-2026-10240

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-10240

III. Intelligence Information for CVE-2026-10240

Proof of Concept for CVE-2026-10240 (1)

Vendor Pages for CVE-2026-10240 (1)

Same Patch Batch · n/a · 2026-06-01 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-10240

Leave a comment