CVE-2026-3672

MEDIUM WAF: High

CVSS 6.3 Published: 2026-03-07

CWE-89

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

vuldb.com
vuldb.com
vuldb.com
www.yuque.com

Back to CVE Database