CVE-2026-2555
Published: 16 February 2026
Summary
CVE-2026-2555 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Jeecg Jeecg Boot. Its CVSS base score is 5.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 17.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
Directly implements checks on information inputs to reject invalid data before processing.
Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.
Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
Untrusted serialized data can be deserialized and observed inside the chamber, blocking gadget-chain exploitation outside the sandbox.
Identifies and blocks malicious code introduced through deserialization of untrusted data at system boundaries.
Integrity verification of serialized information can detect tampering before deserialization occurs.
Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Deserialization of untrusted data (malicious ZIP) in a remotely accessible web controller directly enables exploitation of the application for RCE (T1190); successful exploitation results in arbitrary code execution that can be performed via command/scripting interpreters (T1059).
NVD Description
A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The attack can be launched remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysis
CVE-2026-2555 is a deserialization vulnerability in JeecgBoot version 3.9.1, affecting the importDocumentFromZip function within the org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java file of the Retrieval-Augmented Generation (RAG) component. The issue stems from improper input validation (CWE-20) and deserialization of untrusted data (CWE-502), with a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). It was published on 2026-02-16.
The vulnerability can be exploited remotely by an authenticated attacker with low privileges (PR:L), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation leads to limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially allowing arbitrary code execution or data manipulation via malicious ZIP files processed by the import function.
Advisories from VulDB indicate the project was notified early through GitHub issue #9335 in the JeecgBoot repository, but the maintainers have not yet responded or released patches. No specific mitigations are detailed in the available references.
This vulnerability is notable for its presence in a Retrieval-Augmented Generation component, which has relevance to AI/ML workflows, and its exploitability is described as difficult due to the high complexity required. No real-world exploitation has been reported.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: llm