CVE-2026-11502

Published: Giu 08, 2026 Last Modified: Giu 08, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 1,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW 3,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
LOW 2,6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of the argument state causes open redirect. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The project replied: 'After evaluation, this vulnerability has low exploitability in real-world scenarios: 1) Exploiting this vulnerability requires attackers to use social engineering techniques to induce victims to actively click on an OAuth login link constructed by the attacker; it cannot be triggered passively. 2) Third-party login (DingTalk/WeChat, etc.) is an optional feature and may not be enabled in most projects.'

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Other
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Other
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Low
View CWE Details
https://github.com/jeecgboot/JeecgBoot/
https://github.com/jeecgboot/JeecgBoot/
https://github.com/jeecgboot/JeecgBoot/issues/9639
https://github.com/jeecgboot/JeecgBoot/issues/9639
https://github.com/jeecgboot/JeecgBoot/issues/9639#issuecom…
https://github.com/jeecgboot/JeecgBoot/issues/9639#issuecomment-4544271822
https://vuldb.com/cve/CVE-2026-11502
https://vuldb.com/cve/CVE-2026-11502
https://vuldb.com/submit/835622
https://vuldb.com/submit/835622
https://vuldb.com/vuln/369122
https://vuldb.com/vuln/369122
https://vuldb.com/vuln/369122/cti
https://vuldb.com/vuln/369122/cti