CVE-2026-5616 | JeecgBoot 3.9.0/3.9.1 AI Chat JeecgBizToolsProvider.java missing authentication (Issue 9464)

A vulnerability, which was classified as critical, was found in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to missing authentication.

This vulnerability is documented as CVE-2026-5616. The attack can be executed remotely. There is not any exploit available.

It is best practice to apply a patch to resolve this issue.

The project fixed the issue with a commit which shall be part of the next official release.

CVE-2026-5616 | JeecgBoot 3.9.0/3.9.1 AI Chat JeecgBizToolsProvider.java missing authentication (Issue 9464)

Post correlati

CVE-2026-25538 | devtron-labs devtron up to 2.0.0 Attributes API Interface authorization (GHSA-8wpc-j9q9-j5m2)

CVE-2024-52063 | RTI Connext Professional up to 5.3.1.44/6.0.1.39/6.1.2.20/7.3.0.4 Core Libraries/Routing Service buffer overflow

CVE-2024-7876 | Appointment Booking Calendar Plugin up to 1.6.7.53 on WordPress Appointment Setting cross site scripting

CVE-2025-22271 | CyberArk Endpoint Privilege Manager 24.7.1 X-Forwarded-For authentication spoofing