CVE-2026-9373

MEDIUM EPSS 27.7%

Published May 24, 20261mo ago · Modified Jun 17, 20261w ago

6.3 CVSS 4.0

Medium

Published May 24, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

6.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

27.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

References 3

vuldb.com https://vuldb.com/submit/813251
vuldb.com https://vuldb.com/vuln/365337
vuldb.com https://vuldb.com/vuln/365337/cti

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.