CVE-2026-11502 – JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect

CVE ID :CVE-2026-11502

Published : June 8, 2026, 10:16 a.m. | 16 minutes ago

Description :A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of the argument state causes open redirect. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The project replied: “After evaluation, this vulnerability has low exploitability in real-world scenarios: 1) Exploiting this vulnerability requires attackers to use social engineering techniques to induce victims to actively click on an OAuth login link constructed by the attacker; it cannot be triggered passively. 2) Third-party login (DingTalk/WeChat, etc.) is an optional feature and may not be enabled in most projects.”

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9506 – Path Traversal Vulnerability in Bagisto

CVE-2026-11503 – Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow

CVE-2026-11501 – SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection

CVE-2026-11500 – Weaviate Static API Key client.go validateConfig authorization