A vulnerability was found in jeecgboot The server processes these URLs up to 3.9.1 and classified as critical . This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint . The manipulation results in server-side request forgery. This vulnerability was named CVE-2026-10241 . The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.