CVE-2026-2555 | JeecgBoot 3.9.1 Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization (Issue 9335)

A vulnerability described as critical has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization.

This vulnerability is tracked as CVE-2026-2555. The attack can be launched remotely. No exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2555 | JeecgBoot 3.9.1 Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization (Issue 9335)

Post correlati

CVE-2024-20490 | Cisco Data Center Network Manager information disclosure (cisco-sa-ndhs-idv-Bk8VqEDc)

CVE-2024-4376 | Premium Addons for Elementor Plugin up to 4.10.31 on WordPress Fancy Text Widget cross site scripting

CVE-2025-20921 | Samsung Notes up to 4.4.21.62 Text Content out-of-bounds

CVE-2021-47388 | Linux Kernel up to 5.14.9 mac80211 use after free