CRITICAL
JimuReport
CVE published 2026-06-17
CVE-2026-36418
CVE-2026-36418 is a critical vulnerability in JimuReport, a reporting tool, that allows remote code execution due to improper handling of Aviator expressions. The vulnerability affects versions 2.3.4 and below. The /jmreport/executeSelectApi endpoint is particularly vulnerable as it passes user-supplied input directly to the Aviator expression engine without adequate validation. This allows attackers to e [truncated]