ByteOS Network

CVE Vulnerability Details :

CVE-2026-9579

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-26 May, 2026 | 19:45

Updated At-26 May, 2026 | 19:45

▼CVE Numbering Authority (CNA)

JeecgBoot SysUser userEdit user.getUsername access control

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.9.2 is recommended to address this issue. The affected component should be upgraded.

Affected Products

Vendor

n/a

Product

JeecgBoot

CPEs

cpe:2.3:a:jeecgboot:jeecgboot:*:*:*:*:*:*:*:*

Modules

SysUser

Versions

Affected

3.9.0
3.9.1

Unaffected

3.9.2

Problem Types

Type	CWE ID	Description
CWE	CWE-284	Improper Access Controls
CWE	CWE-266	Incorrect Privilege Assignment

Type: CWE

CWE ID: CWE-284

Description: Improper Access Controls

Type: CWE

CWE ID: CWE-266

Description: Incorrect Privilege Assignment

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.0	6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.0	6.5	N/A	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 6.5

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Credits

reporter

AliceS614 (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-05-26 00:00:00
VulDB entry created	2026-05-26 02:00:00
VulDB entry last update	2026-05-26 14:55:15

Event: Advisory disclosed

Date: 2026-05-26 00:00:00

Event: VulDB entry created

Date: 2026-05-26 02:00:00

Event: VulDB entry last update

Date: 2026-05-26 14:55:15

References

Hyperlink	Resource
https://vuldb.com/vuln/365635	vdb-entry technical-description
https://vuldb.com/vuln/365635/cti	signature permissions-required
https://vuldb.com/submit/817891	third-party-advisory
https://github.com/jeecgboot/JeecgBoot/issues/9596	exploit issue-tracking
https://github.com/jeecgboot/JeecgBoot/issues/9596#issuecomment-4385414813	issue-tracking
https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2	patch
https://github.com/jeecgboot/JeecgBoot/	product