CVE-2026-11464 | JeecgBoot up to 3.9.2 User List Endpoint SysUserController.java queryPageList salt information disclosure (Issue 9648)

A vulnerability, which was classified as problematic, has been found in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file srcmainjavaorgjeecgmodulessystemcontrollerSysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to information disclosure.

This vulnerability is listed as CVE-2026-11464. The attack may be initiated remotely. In addition, an exploit is available.

A fix is planned for the upcoming release.

CVE-2026-11464 | JeecgBoot up to 3.9.2 User List Endpoint SysUserController.java queryPageList salt information disclosure (Issue 9648)

Post correlati

CVE-2025-27089 | Directus up to 11.1.1 authorization (GHSA-99vm-5v2h-h6r6)

CVE-2023-50339 | WESEEK GROWI up to 6.1.10 User Management Page /admin/users cross site scripting

CVE-2024-51684 | Ciprian Popescu W3P SEO Plugin up to 1.8.5 on WordPress cross-site request forgery

CVE-2024-12841 | Emlog Pro up to 2.4.1 /admin/tag.php keyword cross site scripting