CVE-2026-58377
JeecgBoot 3.9.2 is affected by a broken access control vulnerability that allows authenticated, low-privilege users to perform full CRUD on OpenAPI credentials via OpenApiAuthController and OpenApiPermissionController endpoints that lack Shiro authorization annotations. Attackers can list, add, e...
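A defender-side check for the pattern described above, as an added example that is not JeecgBoot or advisory code: it scans Java controller source for Spring handler methods with no Shiro `@RequiresPermissions` or `@RequiresRoles` on the method or its class. The sample source is constructed; its method names, paths, permission string and the `HardenedController` class are hypothetical.

```python
import re

# Shiro annotations that enforce authorization; @RequiresAuthentication only proves login.
AUTHZ = {"RequiresPermissions", "RequiresRoles"}
# Spring MVC annotations that expose a method as an HTTP endpoint.
MAPPINGS = {"RequestMapping", "GetMapping", "PostMapping", "PutMapping",
            "DeleteMapping", "PatchMapping"}
ANNOTATION = re.compile(r"^\s*@(\w+)")
CLASS_DECL = re.compile(r"^\s*(?:public\s+)?(?:(?:final|abstract)\s+)*class\s+(\w+)")
METHOD_DECL = re.compile(r"^\s*(?:public|protected|private)\s+[\w<>\[\],.? ]+?\s+(\w+)\s*\(")

# Constructed sample, not JeecgBoot source: only the first class name is from the advisory.
SAMPLE = '''
@RestController
@RequestMapping("/example/auth")
public class OpenApiAuthController {
    @GetMapping("/list")
    public Result<?> list(OpenApiAuth query) { return null; }
    @RequiresAuthentication
    @DeleteMapping("/delete")
    public Result<?> delete(String id) { return null; }
}
@RestController
public class HardenedController {
    @RequiresPermissions("example:auth:add")
    @PostMapping("/add")
    public Result<?> add(OpenApiAuth auth) { return null; }
}
'''

def unguarded_handlers(java_source):
    """Return 'Class.method' for each HTTP handler with no Shiro authz annotation."""
    findings, pending = [], set()
    cls, cls_guarded = None, False
    for line in java_source.splitlines():
        m = ANNOTATION.match(line)
        if m:
            pending.add(m.group(1))  # collect annotations until the declaration they decorate
            continue
        c, d = CLASS_DECL.match(line), METHOD_DECL.match(line)
        if c:
            cls, cls_guarded = c.group(1), bool(pending & AUTHZ)
        elif d and pending & MAPPINGS and not (cls_guarded or pending & AUTHZ):
            findings.append(f"{cls}.{d.group(1)}")
        if line.strip():
            pending = set()  # annotations apply only to the next declaration
    return findings

if __name__ == "__main__":
    print(unguarded_handlers(SAMPLE))
```

This is a line-based heuristic: it does not see authorization enforced elsewhere, such as URL rules in a Shiro filter chain, so treat its output as a review list rather than a verdict.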