CVE-2026-1746 | JeecgBoot 3.9.0 Online Report API loadDictItemByKeyword keyword sql injection

Inserito da Angelo Barbosa | Feb 1, 2026 | CVE

A vulnerability was found in JeecgBoot 3.9.0 and classified as critical. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection.

This vulnerability is documented as CVE-2026-1746. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1746 | JeecgBoot 3.9.0 Online Report API loadDictItemByKeyword keyword sql injection

Post correlati

CVE-2025-61301 | CAPEv2 52e4b43 reporting/mongodb.py recursion

CVE-2024-3476 | Side Menu Lite Plugin up to 4.2.0 on WordPress cross-site request forgery

CVE-2024-24775 | F5 BIG-IP up to 15.1.9/16.1.3/17.1.0 Traffic Management Microkernel null pointer dereference (K000137333)

CVE-2025-5594 | FreeFloat FTP Server 1.0 SET Command buffer overflow