A vulnerability has been found in JeecgBoot up to 3.9.2 and classified as critical . The impacted element is an unknown function of the file /airag/airagModel/test . The manipulation of the argument baseUrl leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-10240 . The attack is possible to be carried out remotely. Moreover, an exploit is present. A fix is planned for the upcoming release.