A vulnerability was found in JeecgBoot up to 3.9.1. It has been rated as critical. It affects the function SqlInjectionUtil in the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. Manipulating the argument keyword leads to SQL injection.

This vulnerability is tracked as CVE-2026-7290. The attack can be carried out remotely. Moreover, an exploit exists.

To fix this issue, it is recommended to deploy a patch.