CVE-2026-3404 | thinkgem JeeSite up to 5.15.1 Endpoint CasOutHandler.java xml external entity reference

Inserito da Angelo Barbosa | Mar 1, 2026 | CVE

A vulnerability was found in thinkgem JeeSite up to 5.15.1. It has been declared as problematic. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference.

This vulnerability appears as CVE-2026-3404. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3404 | thinkgem JeeSite up to 5.15.1 Endpoint CasOutHandler.java xml external entity reference

Post correlati

CVE-2024-51144 | Ampache up to 6.6.0 pvmsg.php?action=add_message cross-site request forgery

CVE-2026-2064 | Portabilis i-Educar up to 2.10 User Data Page /intranet/meusdadod.php File cross site scripting

CVE-2024-0623 | VK Block Patterns Plugin up to 1.31.1.1 on WordPress cross-site request forgery

CVE-2025-38085 | Linux Kernel up to 6.15.3 hugetlb huge_pmd_unshare memory corruption