{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/jeecg/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9580"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["JeecgBoot (\u003c= 3.9.1)"],"_cs_severities":["medium"],"_cs_tags":["cve","access control","jeecgboot"],"_cs_type":"advisory","_cs_vendors":["Jeecg"],"content_html":"\u003cp\u003eJeecgBoot, a low-code development platform, is susceptible to an improper access control vulnerability (CVE-2026-9580) affecting versions up to 3.9.1. Specifically, the \u003ccode\u003eLoginController.selectDepart\u003c/code\u003e function in the \u003ccode\u003e/sys/selectDepart\u003c/code\u003e file does not adequately restrict access, potentially allowing remote attackers to bypass intended authorization mechanisms. Public exploitation details are available, increasing the risk of exploitation. Upgrading to version 3.9.2 resolves this vulnerability.\nThis vulnerability poses a threat to organizations using vulnerable versions of JeecgBoot, potentially leading to unauthorized data access or modification.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a JeecgBoot instance running a version prior to 3.9.2.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the \u003ccode\u003e/sys/selectDepart\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request targets the \u003ccode\u003eLoginController.selectDepart\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDue to the improper access control, the attacker is able to bypass authentication checks.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to departmental data.\u003c/li\u003e\n\u003cli\u003eThe attacker may modify or exfiltrate sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised access to escalate privileges within the application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9580 can lead to unauthorized access to sensitive departmental data within JeecgBoot applications. This can result in data breaches, data modification, and privilege escalation, potentially impacting all organizations using JeecgBoot versions up to 3.9.1.\nThe severity is compounded by the public availability of exploit details, increasing the likelihood of widespread exploitation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade JeecgBoot to version 3.9.2 or later to remediate CVE-2026-9580 (reference: CVE-2026-9580 and upgrade instructions in the overview).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-9580 Exploitation Attempt via selectDepart Access\u0026rdquo; to identify potential exploitation attempts targeting the vulnerable endpoint (reference: the provided Sigma rule).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T21:18:08Z","date_published":"2026-05-26T21:18:08Z","id":"https://feed.craftedsignal.io/briefs/2026-05-jeecgboot-access-control/","summary":"JeecgBoot up to version 3.9.1 is vulnerable to improper access control in the LoginController.selectDepart function, allowing remote attackers to bypass intended restrictions.","title":"JeecgBoot Improper Access Control Vulnerability (CVE-2026-9580)","url":"https://feed.craftedsignal.io/briefs/2026-05-jeecgboot-access-control/"}],"language":"en","title":"CraftedSignal Threat Feed — Jeecg","version":"https://jsonfeed.org/version/1.1"}