CVE-2026-2555

5.0 MEDIUM

📋 TL;DR

A deserialization vulnerability in JeecgBoot 3.9.1 allows remote attackers to execute arbitrary code by manipulating the importDocumentFromZip function in the AI knowledge controller. This affects systems running JeecgBoot with the Retrieval-Augmented Generation component enabled. The vulnerability is remotely exploitable but requires complex attack execution.

💻 Affected Systems

Products:
  • JeecgBoot
Versions: 3.9.1
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Retrieval-Augmented Generation component to be enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Limited impact due to high exploit complexity, potentially causing service disruption or partial data exposure.

🟢 If Mitigated: Minimal impact with proper input validation, network segmentation, and least privilege controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Attack is remotely launchable but described as highly complex and difficult to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor the GitHub repository for updates and apply when released.

🔧 Temporary Workarounds

1. Disable vulnerable endpoint
   Applies to: all
   What: Disable or restrict access to the importDocumentFromZip function in AiragKnowledgeController
   How: Modify application configuration to disable the endpoint or implement access controls

2. Implement input validation
   Applies to: all
   What: Add strict input validation and sanitization for zip file processing
   How: Implement whitelist validation for file types and content inspection

🧯 If You Can't Patch

  • Implement network segmentation to isolate JeecgBoot instances from critical systems
  • Deploy web application firewall (WAF) with deserialization attack detection rules

🔍 How to Verify

Check if Vulnerable:

Check if running JeecgBoot version 3.9.1 with the Retrieval-Augmented Generation component enabled

Check Version:

Check application.properties or pom.xml for version information

Verify Fix Applied:

Verify that the importDocumentFromZip function has been secured or disabled in newer versions

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns to AI knowledge endpoints
  • Java deserialization errors in application logs

Network Indicators:

  • Suspicious POST requests to /airag/llm/importDocumentFromZip endpoint

SIEM Query:

source="jeecgboot-logs" AND (uri="/airag/llm/importDocumentFromZip" OR message="*deserialization*")
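The same two indicators expressed as standalone detection logic, added here as an example and not part of the advisory card: it correlates a POST to the vulnerable endpoint with a deserialization error from the same client inside a short window. The log format and the sample lines are constructed for the example (the assumption that the application log carries the client IP is not something the card states).

```python
import re
from datetime import datetime, timedelta

# Indicators listed on the card: the vulnerable endpoint and deserialization error text.
VULN_ENDPOINT = "/airag/llm/importDocumentFromZip"
DESER_MARKERS = ("deserialization", "ObjectInputStream", "InvalidClassException")

# Constructed log layout (assumption, not JeecgBoot's real format):
#   <ISO timestamp> <client-ip> ACCESS <method> <uri> <status>
#   <ISO timestamp> <client-ip> APP <level> <message>
LINE_RE = re.compile(r"^(\S+) (\S+) (ACCESS|APP) (.*)$")

# Constructed sample lines: one upload followed by a filter rejection, one clean upload.
SAMPLE_LOGS = [
    "2026-03-01T10:00:01 10.0.0.5 ACCESS GET /airag/llm/list 200",
    "2026-03-01T10:00:05 10.0.0.5 ACCESS POST /airag/llm/importDocumentFromZip 200",
    "2026-03-01T10:00:06 10.0.0.5 APP ERROR java.io.InvalidClassException: filter status: REJECTED",
    "2026-03-01T10:02:00 10.0.0.9 ACCESS POST /airag/llm/importDocumentFromZip?knowId=1 200",
    "2026-03-01T10:05:00 10.0.0.9 APP INFO knowledge import finished",
]

def parse_line(line):
    """Parse one line of the constructed layout; return None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, kind, rest = m.groups()
    rec = {"ts": datetime.fromisoformat(ts), "ip": ip, "kind": kind}
    if kind == "ACCESS":
        method, uri, status = rest.split(" ", 2)
        rec.update(method=method, uri=uri.split("?", 1)[0], status=status)  # drop query string
    else:
        level, msg = rest.split(" ", 1)
        rec.update(level=level, msg=msg)
    return rec

def detect(lines, window=timedelta(seconds=30)):
    """One finding per POST to the endpoint; 'high' when a deserialization
    error from the same client follows within `window`, else 'medium'."""
    recs = [r for r in map(parse_line, lines) if r]
    uploads = [r for r in recs if r["kind"] == "ACCESS"
               and r["method"] == "POST" and r["uri"] == VULN_ENDPOINT]
    errors = [r for r in recs if r["kind"] == "APP"
              and any(k.lower() in r["msg"].lower() for k in DESER_MARKERS)]
    findings = []
    for u in uploads:
        hits = [e for e in errors if e["ip"] == u["ip"] and u["ts"] <= e["ts"] <= u["ts"] + window]
        findings.append({"ip": u["ip"], "ts": u["ts"].isoformat(),
                         "severity": "high" if hits else "medium", "errors": len(hits)})
    return findings
```

Every upload to the endpoint is reported, since the card lists the request itself as an indicator; the error correlation only raises the severity.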
