CVE-2026-7290

216.73.217.22

· Published 28/04/2026 19:37 · Modified 29/04/2026 01:00

Labels: CVE-2026-7290 2026-04-28 CVE-2026-7290 CWE-74 [email protected]

Essential information

Published: 28/04/2026 19:37
Modified: 29/04/2026 01:00
Author: —
Creator: —
CVSS: 2.1 LOW (v3) 2.1 LOW (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Patch name: a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b. To fix this issue, it is recommended to deploy a patch.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
jeecg / jeecg boot	`cpe:2.3:a:jeecg:jeecg_boot:<3.9.1:::::::*`