PatchSiren cyber security CVE debrief
CVE-2026-11464 JeecgBoot CVE debrief
A vulnerability was identified in JeecgBoot up to 3.9.2. The function queryPageList in SysUserController.java is affected, allowing for information disclosure via manipulation of the 'salt' argument. The attack may be initiated remotely and has high complexity. A fix is planned for an upcoming release.
- Vendor: JeecgBoot
- Product: JeecgBoot
- CVSS: LOW 1.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-07
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-07
- Advisory updated: 2026-06-08
Who should care
Users of JeecgBoot up to version 3.9.2 should be aware of this vulnerability and prepare for an upcoming fix.
Technical summary
The vulnerability is in the queryPageList function of SysUserController.java, allowing information disclosure through the 'salt' argument. The CVSS score is 1.3, indicating low severity.
Defensive priority
Low
Recommended defensive actions
- Apply the upcoming fix when available.
- Review and monitor the user list endpoint for suspicious activity.
Evidence notes
The CVE was published on 2026-06-07T23:16:41.890Z and modified on 2026-06-08T14:57:14.757Z. The vulnerability has a CVSS score of 1.3 and is considered to have low severity.