Vulnerabilities ›

CVE-2026-7602

Medium

CWE-266 — Weakness Type

                    Published: May 2, 2026                      ·  Modified: May 5, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. You should upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.

🤖 AI Executive Summary

CVE-2026-7602 is an improper authorization vulnerability in JeecgBoot up to version 3.9.1 affecting the FillRuleUtil component's /sys/fillRule/edit endpoint. The ruleClass parameter manipulation allows remote attackers to bypass authorization controls without authentication.

📄 Description (Arabic)

ثغرة في JeecgBoot تؤثر على مكون FillRuleUtil تسمح بتجاوز آليات التفويض من خلال معالجة معامل ruleClass بشكل غير صحيح. يمكن للمهاجمين البعيدين استغلال هذه الثغرة للوصول غير المصرح به إلى الوظائف الحساسة في النظام.

🤖 ملخص تنفيذي (AI)

A vulnerability in JeecgBoot versions up to 3.9.1 allows remote attackers to bypass authorization through manipulation of the ruleClass parameter in the FillRuleUtil component. This improper authorization flaw enables unauthorized access to sensitive functionality.

🤖 AI Intelligence Analysis Analyzed: May 18, 2026 07:30

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking telecom

🎯 MITRE ATT&CK Techniques

T1078.001 T1548.002 T1190

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade JeecgBoot to version 3.9.2 or later when available. Implement input validation and authorization checks for the ruleClass parameter. Apply network-level access controls to restrict access to /sys/fillRule/edit endpoint. Monitor logs for suspicious parameter manipulation attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية JeecgBoot إلى الإصدار 3.9.2 أو أحدث عند توفره. طبق التحقق من صحة المدخلات والتحقق من التفويض لمعامل ruleClass. طبق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة /sys/fillRule/edit. راقب السجلات للكشف عن محاولات معالجة المعاملات المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2

🔵 SAMA CSF

AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.3

🔗 References & Sources 6

🔗

https://github.com/jeecgboot/JeecgBoot/

cna@vuldb.com

🔗

https://github.com/jeecgboot/JeecgBoot/issues/9552

cna@vuldb.com

🔗

https://github.com/jeecgboot/JeecgBoot/issues/9552#issuecomment-4251391314

cna@vuldb.com

🔗

https://vuldb.com/submit/805706

cna@vuldb.com

🔗

https://vuldb.com/vuln/360559

cna@vuldb.com

🔗

https://vuldb.com/vuln/360559/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-266

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-05-02

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-266

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7602

Introduce Yourself

Sign In Required