Cyber Resilience

CVE-2026-2555

Severity: Low · Public PoC

Published: 16 February 2026

Modified: 18 February 2026
KEV Added: not listed
Patch: none released
CVSS Score (v4): 2.3
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0006 (18.3rd percentile)
Risk Priority: 5 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-2555 is a low-severity Improper Input Validation (CWE-20) vulnerability in Jeecg Jeecg Boot. Its CVSS base score is 2.3 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 18.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is classified as AI-related: AI category Other Platforms, risk domain Other ATLAS/OWASP Terms.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-18 (Mobile Code).

Deeper analysis

CVE-2026-2555 is a deserialization vulnerability in JeecgBoot version 3.9.1, affecting the importDocumentFromZip function within the org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java file of the Retrieval-Augmented Generation (RAG) component. The issue stems from improper input validation (CWE-20) and deserialization of untrusted data (CWE-502), with a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). It was published on 2026-02-16.

The vulnerability can be exploited remotely by an authenticated attacker with low privileges (PR:L), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation leads to limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially allowing arbitrary code execution or data manipulation via malicious ZIP files processed by the import function.

Advisories from VulDB indicate the project was notified early through GitHub issue #9335 in the JeecgBoot repository, but the maintainers have not yet responded or released patches. No specific mitigations are detailed in the available references.

This vulnerability is notable for its presence in a Retrieval-Augmented Generation component, which has relevance to AI/ML workflows, and its exploitability is described as difficult due to the high complexity required. No real-world exploitation has been reported.

Vulnerability details

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The attack can be launched remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The project was informed of the problem early through an issue report but has not responded yet.

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keyword "llm"

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Deserialization of untrusted data (malicious ZIP) in a remotely accessible web controller directly enables exploitation of the application for RCE (T1190); successful exploitation results in arbitrary code execution that can be performed via command/scripting interpreters (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-40489 (same product: Jeecg Jeecg Boot)
CVE-2026-2822 (same product: Jeecg Jeecg Boot)
CVE-2025-14908 (same product: Jeecg Jeecg Boot)
CVE-2026-1746 (same product: Jeecg Jeecg Boot)
CVE-2024-43028 (same product: Jeecg Jeecg Boot)
CVE-2025-14909 (same product: Jeecg Jeecg Boot)
CVE-2026-3452 (shared CWE-502)
CVE-2025-66913 (same vendor: Jeecg)
CVE-2026-29782 (shared CWE-502)
CVE-2025-0465 (shared CWE-20, CWE-502)

Affected Assets

Vendor: jeecg · Product: jeecg boot · Version: 3.9.1

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly enforces validation of all input data (including ZIP contents) before any deserialization occurs in importDocumentFromZip, blocking the CWE-20/CWE-502 root cause.

Integrity verification control (prevent, detect)
Requires cryptographic or integrity verification of imported ZIP files and deserialized objects, preventing execution of untrusted payloads in the RAG component.

SC-18 Mobile Code, partial match (prevent)
Restricts or sandbox-executes mobile/untrusted code introduced via deserialization of ZIP-supplied objects, limiting arbitrary code execution impact.
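As an added illustration of the SI-10 control above (this is not JeecgBoot's code; the page does not show the internals of importDocumentFromZip), a hardened Java import path that validates every ZIP entry before its bytes are used anywhere and, where an object must be deserialized at all, confines Java deserialization to an allowlisted DTO. The entry and size limits, the extension list, the use of Java serialization for metadata, and the class com.example.DocumentMeta are all assumptions.

```java
import java.io.*;
import java.util.*;
import java.util.zip.*;

/** Hypothetical hardened ZIP import handler; added illustration, not JeecgBoot's own code. */
public final class SafeZipDocumentImport {
    private static final int MAX_ENTRIES = 500;            // assumed operational limit
    private static final int MAX_ENTRY_BYTES = 10 << 20;   // 10 MiB per entry, assumed
    // Only plain document types are accepted; serialized objects, classes and jars are refused.
    private static final Set<String> ALLOWED_EXT = Set.of("txt", "md", "pdf", "docx");

    /** Validates every entry before its bytes are used anywhere; throws on anything suspicious. */
    public static Map<String, byte[]> readValidated(InputStream zipStream) throws IOException {
        Map<String, byte[]> docs = new LinkedHashMap<>();
        try (ZipInputStream zin = new ZipInputStream(zipStream)) {
            ZipEntry e;
            while ((e = zin.getNextEntry()) != null) {
                if (e.isDirectory()) continue;
                if (docs.size() >= MAX_ENTRIES) throw new IOException("too many entries");
                String name = e.getName();
                // Entry names are attacker-controlled: block traversal and absolute paths.
                if (name.contains("..") || name.startsWith("/") || name.contains(":")) {
                    throw new IOException("unsafe entry name: " + name);
                }
                int dot = name.lastIndexOf('.');
                String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
                if (!ALLOWED_EXT.contains(ext)) throw new IOException("disallowed type: " + name);
                // Cap by what is actually read, not by the header's declared size (zip-bomb defence).
                byte[] data = zin.readNBytes(MAX_ENTRY_BYTES + 1);
                if (data.length > MAX_ENTRY_BYTES) throw new IOException("entry too large: " + name);
                docs.put(name, data);
            }
        }
        return docs;
    }

    /** If a metadata object must be deserialized, an allowlist filter confines it to one DTO class. */
    public static Object readMetadata(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // com.example.DocumentMeta is a hypothetical DTO; "!*" rejects every other class.
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "maxdepth=5;com.example.DocumentMeta;java.lang.String;!*"));
            return ois.readObject();
        }
    }
}
```

The filter string is checked by the JVM for each class the stream tries to instantiate, so a gadget-chain payload is rejected before any constructor or readObject of an unexpected class runs; a parser-based format (JSON into a fixed DTO) removes that attack surface entirely.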
