Login Sign Up

CVE-2026-2111

4.3 MEDIUM
Path Traversal

📋 TL;DR

JeecgBoot versions up to 3.9.0 contain a path traversal vulnerability in the Retrieval-Augmented Generation Module's /airag/knowledge/doc/edit endpoint. Attackers can manipulate the filePath parameter to access arbitrary files on the server. Organizations using vulnerable JeecgBoot installations are affected.

💻 Affected Systems

Products:
  • JeecgBoot
Versions: Up to and including 3.9.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the Retrieval-Augmented Generation Module enabled and accessible.

📦 What is this software?

Jeecg Boot by Jeecg

View all CVEs affecting Jeecg Boot →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive files like configuration files, credentials, or executing arbitrary code if combined with other vulnerabilities.

🟠

Likely Case

Unauthorized access to sensitive files containing configuration data, user information, or proprietary business data.

🟢

If Mitigated

Limited impact if proper file system permissions restrict access to sensitive areas and web server runs with minimal privileges.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available and the vulnerability requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to any version beyond 3.9.0 if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation to reject filePath parameters containing directory traversal sequences like '../' or absolute paths.

Web Application Firewall Rule

all

Configure WAF to block requests containing path traversal patterns in the filePath parameter.

🧯 If You Can't Patch

  • Restrict network access to the vulnerable endpoint using firewall rules or network segmentation.
  • Run the JeecgBoot application with minimal file system permissions to limit potential damage from successful exploitation.

🔍 How to Verify

Check if Vulnerable:

Test by sending a request to /airag/knowledge/doc/edit with filePath parameter containing '../etc/passwd' or similar traversal sequences and check if server returns sensitive file contents.

Check Version:

Check JeecgBoot version in application configuration files or admin interface.

Verify Fix Applied:

Retest with the same traversal attempts after implementing fixes; requests should be rejected or return error responses.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /airag/knowledge/doc/edit with filePath parameter containing '../', '..\', or absolute paths

Network Indicators:

  • Unusual file access patterns from web application to system directories

SIEM Query:

web.url:*airag/knowledge/doc/edit* AND (web.param.filePath:*../* OR web.param.filePath:*..\*)

📊 Metadata

CVE ID: CVE-2026-2111
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-22
EPSS Score: 0.04% exploit probability (13.2th percentile)
Published: February 7, 2026
Last Updated: March 3, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2111, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)