Vulnerability Description
A weakness has been identified in JeecgBoot up to 3.9.0. It affects unknown functionality of the file /airag/knowledge/doc/edit in the Retrieval-Augmented Generation Module component. Manipulating the filePath argument can lead to path traversal. The attack can be carried out remotely. The exploit has been made publicly available and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jeecg | Jeecg Boot | <= 3.9.0 |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.344687 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.344687 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.746789 (Third Party Advisory, VDB Entry)
- https://www.yuque.com/la12138/vxbwk9/ezodz20a26g36y8m (Exploit, Third Party Advisory)
FAQ
What is CVE-2026-2111?
CVE-2026-2111 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Modu...
How severe is CVE-2026-2111?
CVE-2026-2111 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2111?
Check the references section above for vendor advisories and patch information. Affected products include: Jeecg Jeecg Boot.