LOW
Jeecg
CVE published 2026-05-09
CVE-2026-8196
CVE-2026-8196 describes a remotely reachable authorization bypass in JeecgBoot 3.9.1 affecting an unknown function in LoginController.java for the mLogin endpoint. The public record rates the issue as low severity overall (CVSS 2.9) and high-complexity to exploit, but it still warrants attention because it weakens access control. The source corpus also states that exploit code has been published.