CVE-2026-9604 Overview
CVE-2026-9604 is an improper access control vulnerability [CWE-266] affecting JeecgBoot versions up to and including 3.9.1. The flaw resides in the AiragModelController component, specifically in handling of the list and queryById arguments. An authenticated remote attacker with low privileges can manipulate these endpoints to access resources outside their authorization scope. Public exploit details have been disclosed, increasing the risk of opportunistic abuse against unpatched deployments. The vendor has released JeecgBoot 3.9.2, which remediates the issue.
Critical Impact
Authenticated attackers can bypass access control checks on the AiragModelController endpoints over the network, exposing AI RAG model data managed by JeecgBoot.
Affected Products
- JeecgBoot versions up to and including 3.9.1
- Component: AiragModelController (AI RAG model controller)
- Fixed release: JeecgBoot 3.9.2
Discovery Timeline
- 2026-05-26 - CVE-2026-9604 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2026-9604
Vulnerability Analysis
The vulnerability exists in the AiragModelController class within JeecgBoot, a low-code Java enterprise development platform. The controller exposes list and queryById endpoints used to enumerate and retrieve AI Retrieval-Augmented Generation (RAG) model records. These endpoints fail to enforce sufficient authorization checks before returning data.
An attacker with valid low-privilege credentials can invoke these endpoints to read model metadata they should not have access to. The condition is classified under [CWE-266] Incorrect Privilege Assignment, where users receive broader effective permissions than the application's access policy intends.
Exploitation requires network access to the JeecgBoot HTTP interface and a low-privilege authenticated session. No user interaction is required, and the public disclosure of exploit details lowers the technical barrier for abuse.
Root Cause
The root cause is missing or insufficient authorization enforcement on the list and queryById handlers within AiragModelController. Authentication alone does not constrain which records a caller may view, allowing horizontal access to AI RAG model data belonging to other tenants or users.
Attack Vector
The attack vector is network-based against the JeecgBoot web API. An authenticated attacker issues HTTP requests to the AiragModelControllerlist or queryById endpoints with manipulated parameters to retrieve records outside their authorized scope. No specialized tooling is required, and the issue can be triggered with standard HTTP clients.
No verified proof-of-concept code is available in the provided references. For technical specifics, see the GitHub Issue Tracker and the VulDB entry #365677.
Detection Methods for CVE-2026-9604
Indicators of Compromise
- Unexpected HTTP requests to AiragModelController endpoints such as /airagModel/list and /airagModel/queryById from low-privilege accounts.
- Anomalous spikes in queryById requests iterating sequential or random identifiers, indicating enumeration attempts.
- Application log entries showing successful responses to AI RAG model queries from users who do not own the requested records.
Detection Strategies
- Review JeecgBoot application logs and reverse proxy logs for requests targeting airagModel paths and correlate caller identity against the record owner returned in the response.
- Deploy web application firewall rules that flag high-volume queryById requests with varying numeric identifiers from a single session.
- Establish a baseline of normal AI RAG model API usage per role and alert on deviations.
Monitoring Recommendations
- Enable verbose access logging on JeecgBoot controllers and forward authentication context with each request for downstream correlation.
- Monitor outbound data volume from JeecgBoot instances for signs of bulk record extraction.
- Audit user role assignments and recently issued API tokens to identify accounts that could be leveraged for low-privilege exploitation.
How to Mitigate CVE-2026-9604
Immediate Actions Required
- Upgrade JeecgBoot to version 3.9.2 or later, which contains the official fix from the vendor.
- Inventory all JeecgBoot deployments, including internal and staging environments, and prioritize patching internet-exposed instances.
- Rotate API tokens and session credentials for accounts that may have been exposed prior to remediation.
- Restrict network reachability of JeecgBoot administrative APIs to trusted segments where feasible.
Patch Information
The vendor released the fix in the JeecgBoot v3.9.2 GitHub Release. Tracking and discussion are available in the JeecgBoot Issue #9599 and the VulDB advisory #365677. Administrators should validate the upgrade in a non-production environment before deploying to production.
Workarounds
- If immediate upgrade is not possible, restrict access to airagModel endpoints at the reverse proxy or API gateway and allow only trusted administrative roles.
- Disable the AI RAG model feature in JeecgBoot configuration if it is not required for business operations.
- Apply temporary authorization filters in front of the application to enforce ownership checks on list and queryById parameters until patching is complete.
# Example nginx restriction blocking AiragModel endpoints from untrusted networks
location ~* ^/jeecg-boot/airagModel/(list|queryById) {
allow 10.0.0.0/8;
deny all;
proxy_pass http://jeecgboot_upstream;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
