A vulnerability labeled as critical has been found in JeecgBoot up to 3.9.1 . Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser . The manipulation of the argument userIdentity results in improper access controls. This vulnerability is cataloged as CVE-2026-9579 . The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.