A vulnerability, which was classified as critical , was found in JeecgBoot up to 3.9.2 . The affected element is the function WordUtil.addImage of the file /airag/word/edit . Executing a manipulation can lead to server-side request forgery. This vulnerability is handled as CVE-2026-10239 . The attack can be executed remotely. Additionally, an exploit exists. A fix is planned for the upcoming release.