CVE-2026-10240

Medium
CWE-918 — Weakness Type
Published: Jun 1, 2026  ·  Modified: Jun 4, 2026  ·  Source: NVD
CVSS v3
6.3
🔗 NVD Official
📄 Description (English)

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack can be carried out remotely. The exploit is publicly available and might be used. A fix is planned for the upcoming release.

🤖 AI Executive Summary

JeecgBoot versions up to 3.9.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the /airag/airagModel/test endpoint that allows remote attackers to manipulate the baseUrl parameter. This vulnerability could enable attackers to access internal resources, bypass network controls, or launch attacks against backend systems. With a CVSS score of 6.3 and public exploit availability, immediate mitigation is required for organizations using affected versions.

🤖 AI Intelligence Analysis · Analyzed: Jun 1, 2026 12:37
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using JeecgBoot for enterprise applications, particularly in banking (SAMA-regulated institutions), government digital transformation initiatives, healthcare systems, and e-commerce platforms are at risk. The SSRF vulnerability could allow attackers to access internal APIs, databases, and microservices within Saudi corporate networks. Government agencies implementing digital services and financial institutions processing transactions through JeecgBoot-based systems face elevated risk of data exfiltration and lateral movement attacks.
🏢 Affected Saudi Sectors
Banking and Financial Services, Government and Public Administration, Healthcare and Medical Services, Energy and Utilities, Telecommunications, E-commerce and Retail, Education, Insurance
⚖️ Saudi Risk Score (AI)
7.2 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all systems running JeecgBoot versions up to 3.9.2 using network scanning and asset inventory tools
2. Disable or restrict access to the /airag/airagModel/test endpoint immediately using WAF rules or network ACLs
3. Implement network segmentation to limit outbound connections from JeecgBoot instances

Patching Guidance:
1. Monitor JeecgBoot official releases for version 3.9.3 or later with SSRF fixes
2. Plan immediate upgrade to patched version once available
3. Test patches in non-production environments before deployment

Compensating Controls:
1. Deploy Web Application Firewall (WAF) rules to block requests to /airag/airagModel/test with suspicious baseUrl parameters
2. Implement strict outbound firewall rules limiting JeecgBoot server connections to approved internal IPs only
3. Enable request logging and monitoring for baseUrl parameter manipulation attempts
4. Use reverse proxy to validate and sanitize baseUrl parameters before reaching JeecgBoot

Detection Rules:
1. Monitor for HTTP requests to /airag/airagModel/test endpoint with baseUrl parameters containing internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, localhost, 127.0.0.1)
2. Alert on outbound connections from JeecgBoot servers to unexpected internal resources
3. Log and review all requests with baseUrl parameters pointing to file:// or gopher:// protocols
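As an added example (not code from the advisory or from the JeecgBoot project), the following Python implements compensating control 4 and detection rules 1 and 3 above: a policy check for baseUrl values, and a scan of constructed access-log lines for requests to /airag/airagModel/test whose baseUrl fails that check. It assumes the parameter is visible in the logged request target (query string); the allowlist hosts and the log lines are constructed. It generalizes the page's list of internal ranges by rejecting every address that is not globally routable (link-local included).

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

TARGET_PATH = "/airag/airagModel/test"
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.openai.com", "models.corp.example"}  # hypothetical upstream model hosts
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

SAMPLE_LOGS = [  # constructed access-log lines (Common Log Format), not from the page
    '203.0.113.5 - - [01/Jun/2026:12:00:01 +0300] "POST /airag/airagModel/test?baseUrl=https%3A%2F%2Fapi.openai.com%2Fv1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jun/2026:12:00:02 +0300] "POST /airag/airagModel/test?baseUrl=http%3A%2F%2F169.254.169.254%2Flatest HTTP/1.1" 200 87',
    '203.0.113.5 - - [01/Jun/2026:12:00:03 +0300] "POST /airag/airagModel/test?baseUrl=http%3A%2F%2F10.20.0.8%3A8080%2Fadmin HTTP/1.1" 200 88',
    '203.0.113.5 - - [01/Jun/2026:12:00:04 +0300] "POST /airag/airagModel/test?baseUrl=gopher%3A%2F%2Flocalhost%2F HTTP/1.1" 500 0',
    '198.51.100.9 - - [01/Jun/2026:12:00:05 +0300] "GET /sys/login HTTP/1.1" 200 1024',
]

def base_url_findings(raw_url):
    """Return why a baseUrl value violates policy; an empty list means it may pass."""
    findings = []
    parsed = urlparse(raw_url.strip())
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:  # catches file://, gopher://, and no scheme
        findings.append(f"disallowed scheme '{parsed.scheme}'")
    host = (parsed.hostname or "").lower()
    if host in ("", "localhost"):
        findings.append("loopback or empty host")
    else:
        try:  # literal IP: reject anything not globally routable (RFC 1918, loopback, link-local)
            if not ipaddress.ip_address(host).is_global:
                findings.append(f"non-global address {host}")
        except ValueError:
            pass  # a DNS name; only the allowlist check below applies
    if host not in ALLOWED_HOSTS:
        findings.append(f"host '{host}' not on allowlist")
    return findings

def scan_access_log(lines):
    """Return (client_ip, baseUrl, findings) for each suspicious request to the test endpoint."""
    hits = []
    for line in lines:
        if not (match := REQUEST_RE.search(line)):
            continue
        target = urlparse(match.group("target"))
        if target.path != TARGET_PATH:
            continue
        for raw in parse_qs(target.query).get("baseUrl", []):  # parse_qs percent-decodes
            if findings := base_url_findings(raw):
                hits.append((line.split(" ", 1)[0], raw, findings))
    return hits
```

A DNS name that is on the allowlist still needs resolution-time checks in the proxy, because the name may resolve to an internal address; this example only enforces the static policy.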
🔧 Remediation Steps (Arabic, translated to English)
Immediate Actions:
1. Identify all systems running JeecgBoot versions up to 3.9.2 using scanning and inventory tools
2. Disable or restrict access to the /airag/airagModel/test endpoint immediately using WAF rules or ACLs
3. Implement network segmentation to limit outbound connections from JeecgBoot instances

Patching Guidance:
1. Monitor official JeecgBoot releases for version 3.9.3 or later with SSRF fixes
2. Plan an immediate upgrade to the patched version once it is available
3. Test patches in non-production environments before deployment

Compensating Controls:
1. Deploy Web Application Firewall rules to block requests to /airag/airagModel/test with suspicious baseUrl parameters
2. Implement strict firewall rules for outbound connections from the JeecgBoot server
3. Enable monitoring logs for baseUrl parameter manipulation attempts
4. Use a reverse proxy to validate baseUrl parameters

Detection Rules:
1. Monitor HTTP requests to /airag/airagModel/test with baseUrl parameters containing internal IP ranges
2. Alert on outbound connections from JeecgBoot servers to unexpected internal resources
3. Log and review all requests with baseUrl parameters pointing to file:// or gopher:// protocols
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.8.1.3 - Segregation of duties
A.13.1.1 - Network security perimeter
A.13.1.3 - Segregation of networks
A.14.2.1 - Secure development policy
🔵 SAMA CSF
ID.BE-1 - Business objectives and strategies
PR.AC-3 - Access control and user management
PR.DS-2 - Data security
DE.CM-1 - Detection and analysis
RS.MI-2 - Incident response and recovery
🟡 ISO 27001:2022
A.5.1 - Management direction for information security
A.8.1 - User endpoint devices
A.13.1 - Network security
A.14.2 - Secure development and maintenance
A.18.1 - Compliance with legal and regulatory requirements
🟣 PCI DSS v4.0.1
Requirement 1 - Install and maintain a firewall configuration
Requirement 6 - Develop and maintain secure systems and applications
Requirement 11 - Regularly test security systems and processes
📊 CVSS Score
6.3 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: L (Low)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: L (Low)
Integrity: L (Low)
Availability: L (Low)
📋 Quick Facts
Severity: Medium
CVSS Score: 6.3
CWE: CWE-918
EPSS: 0.04%
Exploit: No
Patch: No
Published: 2026-06-01
Source Feed: nvd
🇸🇦 Saudi Risk Score
7.2 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-918