CVE-2026-10239: JeecgBoot Server-Side Request Forgery (SSRF) in Word Editing Module
JeecgBoot, an open-source low-code application development platform, contains a server-side request forgery (SSRF) vulnerability in its word document editing module. Specifically, the `WordUtil.addImage` function in the `/airag/word/edit` endpoint fails to properly validate image URLs, allowing an authenticated attacker to manipulate the application into making arbitrary HTTP requests on behalf of the server. This could expose internal resources, bypass firewalls, or facilitate lateral movement within a network. The vulnerability affects JeecgBoot versions up to and including 3.9.2 and has been publicly disclosed.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Weaknesses (CWE)
- CWE-918
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. A fix is planned for the upcoming release.
6 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability exists in JeecgBoot's word editing functionality where the `WordUtil.addImage` method processes user-supplied image URLs without adequate validation or filtering. An authenticated user can craft a malicious request to the `/airag/word/edit` endpoint specifying an internal URL (such as localhost services, cloud metadata endpoints, or internal APIs) as the image source. The server will fetch this resource and process it, effectively becoming a proxy for the attacker. This is classified as CWE-918 (Server-Side Request Forgery). The CVSS v3.1 score of 6.3 reflects the requirement for authentication and the moderate impact on confidentiality and integrity.
Business impact
For organizations using JeecgBoot in production, this vulnerability creates multiple business risks. Attackers with valid credentials—or those who have compromised such credentials—can probe internal infrastructure, extract sensitive configuration data, or access internal APIs that should not be internet-facing. In cloud environments, SSRF vulnerabilities often lead to metadata endpoint compromise, potentially exposing cloud credentials or service tokens. Development teams may inadvertently expose database connection strings, API keys, or other secrets stored in internal systems. The public disclosure status increases the likelihood of exploitation attempts against unpatched instances.
Affected systems
JeecgBoot versions up to 3.9.2 are confirmed vulnerable. The vulnerability requires authentication to exploit, so it poses the greatest risk to environments where user accounts are broadly provisioned or where account compromise is feasible. Organizations running older versions of JeecgBoot in production environments, particularly those exposed to the internet or to untrusted networks, face the highest exposure. The module affected (`/airag/word/edit`) suggests this impacts deployments utilizing the word document processing features.
Exploitability
The vulnerability is remotely exploitable but requires a valid authenticated session. An attacker must either possess legitimate credentials or have successfully compromised a user account. The attack has no complex preconditions beyond authentication—the malicious request can be crafted through standard HTTP clients or integrated into automated attack workflows. Public disclosure of the vulnerability without an immediate patch increases the likelihood that exploit code or techniques are already circulating or being developed. The medium CVSS score reflects these authentication requirements; organizations with strong access controls and credential hygiene will face reduced risk.
Remediation
A fix is planned for an upcoming JeecgBoot release, though it has not yet been published at the time of this advisory. Immediately, organizations should implement access restrictions on the `/airag/word/edit` endpoint, limiting it to trusted users and internal networks only. Verify which versions of JeecgBoot are deployed in your environment and prioritize patching once the vendor releases a patched version. In the interim, consider disabling word document editing features if they are not critical to operations, or deploy web application firewall (WAF) rules to block suspicious image URL patterns (e.g., internal IP ranges, localhost, cloud metadata services).
Patch guidance
Monitor the JeecgBoot project repository and official release channels for version 3.9.3 or later. Once available, apply patches promptly, especially for internet-facing instances. Test the patch in a staging environment to ensure compatibility with existing workflows before production deployment. Verify that the patched version properly validates and restricts image URLs to legitimate external sources and rejects internal IP addresses, localhost references, and cloud provider metadata endpoints.
Detection guidance
Monitor HTTP requests to `/airag/word/edit` endpoints for suspicious patterns: requests containing localhost URLs, private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), cloud metadata endpoints (e.g., 169.254.169.254 for AWS), or unusual domain names. Enable detailed logging of the `WordUtil.addImage` function to capture the actual image URLs being processed. Correlate unusual outbound HTTP requests from the JeecgBoot application server with inbound requests from users—a spike in internal probing activity may indicate exploitation. Network segmentation and egress filtering will limit the damage even if exploitation occurs.
Why prioritize this
Although the CVSS score is MEDIUM, this vulnerability merits prompt attention because it combines remote exploitability, public disclosure, and potential for lateral movement or credential theft in internal networks. The authentication requirement prevents immediate mass exploitation of completely unpatched internet-facing instances, but organizations with weak access controls or widespread credential compromise should treat this as higher priority. The planned availability of a patch in an upcoming release provides a clear remediation path.
Risk score, explained
The CVSS v3.1 score of 6.3 (MEDIUM) reflects: network exploitability (AV:N), low attack complexity (AC:L), authenticated attacker requirement (PR:L), no user interaction needed (UI:N), unchanged scope (S:U), and limited impact on confidentiality, integrity, and availability (C:L, I:L, A:L). The score is not elevated to HIGH because the vulnerability requires valid authentication and does not enable remote code execution or complete compromise. However, the score does not fully capture the risk in environments with poor credential security or the upstream impact potential in cloud or complex network topologies.
Frequently asked questions
Does this vulnerability allow unauthenticated remote code execution?
No. The vulnerability requires a valid authenticated session to exploit. It does not enable remote code execution; instead, it allows the authenticated attacker to abuse the server to make HTTP requests to internal or restricted resources (SSRF). The CVSS score reflects this authentication requirement.
Is JeecgBoot itself a well-known or widely deployed product?
JeecgBoot is an open-source low-code development platform used primarily in enterprise application development, particularly in Asia-Pacific regions. While not as universally deployed as mainstream frameworks, its use in development and business platforms makes it relevant for organizations evaluating their tech stack.
What should we do if we cannot upgrade immediately?
First, restrict access to the `/airag/word/edit` endpoint to trusted users and networks only. Disable word document editing features if not essential. Implement egress filtering to prevent the server from reaching internal IP ranges or metadata endpoints. Enable detailed logging and monitor for suspicious requests. Plan an upgrade path to a patched version as soon as one is available.
Could an attacker exfiltrate data through this vulnerability?
Yes. By directing the server to fetch internal APIs, databases, or configuration services, an attacker can read sensitive data that would not normally be accessible from the internet. In cloud environments, SSRF vulnerabilities are particularly dangerous because they can be used to access metadata endpoints containing credentials or tokens.
This analysis is provided for informational and defensive security purposes. It is based on publicly available information and vendor disclosures as of the publication date. Organizations should verify all version numbers, patch availability, and compatibility against official vendor advisories before implementing remediation. The details provided do not constitute legal or compliance advice. Consult your security team and vendor documentation for environment-specific guidance. This vulnerability analysis may be updated as new information becomes available. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2026-10052MEDIUMQuay SSRF in LDAP/SMTP Validation—Internal Network Reconnaissance Risk
- CVE-2026-10177MEDIUMSSRF in Aider-AI Aider 0.86.3 AWS Metadata Endpoint
- CVE-2026-10240MEDIUMJeecgBoot SSRF Vulnerability in /airag/airagModel/test Endpoint
- CVE-2026-10241MEDIUMJimuReport SSRF in File Download Function – Patch to 3.9.2
- CVE-2026-10274MEDIUMServer-Side Request Forgery in aem-mcp-server
- CVE-2026-10276MEDIUMJenkins-server-mcp SSRF Vulnerability (0.1.0)
- CVE-2026-10517MEDIUMClair SSRF Vulnerability – Unfiltered HTTP Requests Leak Metadata
- CVE-2026-10581MEDIUMDedeCMS 5.7.88 SSRF Vulnerability in Download Function