CNNVD-202602-1096 Information
CNNVD ID
CNNVD-202602-1096
Related CVE
- CNNVD Published: 2026-02-07
Description (Chinese)
JeecgBoot是中国国炬(Jeecg)公司的一个适用于企业 Web 应用程序的 Java 低代码平台。 JeecgBoot 3.9.0及之前版本存在路径遍历漏洞,该漏洞源于对组件Retrieval-Augmented Generation Module中文件/airag/knowledge/doc/edit的参数filePath的错误操作,可能导致路径遍历。
Description (English)
JeecgBoot is a Java low-code platform for the enterprise Web application of Jeecg. JeecgBoot 3.9.0 and previous versions have path-to-path loopholes, which stem from the error in the operation of file file/airag/knowledge/doc/edit of component Retrieval-Augmented General Module, which may lead to a path-to-path pass.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
国炬
Published
2026-02-07
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.344687 https://www.yuque.com/la12138/vxbwk9/ezodz20a26g36y8m https://vuldb.com/?submit.746789 https://vuldb.com/?id.344687 https://access.redhat.com/security/cve/cve-2026-2111
Patch
https://www.jeecg.com/https://github.com/jeecgboot/JeecgBoot/releases
Share on: