LeakyCreds

CVE-2026-3026 - Vulnerability Analysis

Severity: High | CVSS: 7.3

Last Updated: February 24, 2026

erzhongxmu JEEWMS - Server-Side Request Forgery

Published: February 23, 2026 | Updated: February 24, 2026 | PoC Available | Remote Exploitable

Overview

erzhongxmu JEEWMS 3.7 contains a server-side request forgery (SSRF) vulnerability in /plug-in/ueditor/jsp/getRemoteImage.jsp. Manipulating the "upfile" argument lets a remote attacker make the server issue arbitrary requests. Exploitation requires no special privileges.

Severity & Score

Severity: High
CVSS Score: 7.3

Impact

Remote attackers can make arbitrary requests from the server, potentially accessing internal resources or sensitive information.

Mitigation

Update to the latest version or apply vendor patches when available.
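
Until a patch is applied, requests to the affected endpoint can be reviewed in web or proxy logs. The following is an added example, not part of the advisory or the JEEWMS project: it flags "upfile" values that point at loopback, private or otherwise non-public destinations. It assumes the log source records "upfile" in the request target; the sample log lines and the names `is_internal`, `triage` and `scan` are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/plug-in/ueditor/jsp/getRemoteImage.jsp"  # path named in the advisory
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic. Assumption: the log source
# records the "upfile" field as part of the request target.
PREFIX = '198.51.100.7 - - [24/Feb/2026:10:01:02 +0000] "POST '
SAMPLE_LOG = [
    PREFIX + ENDPOINT + '?upfile=https%3A%2F%2Fimages.example.com%2Fa.png HTTP/1.1" 200 51',
    PREFIX + ENDPOINT + '?upfile=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 51',
    PREFIX + ENDPOINT + '?upfile=http%3A%2F%2F10.0.0.5%2Fstatus HTTP/1.1" 200 51',
    PREFIX + '/other.jsp?upfile=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 404 0',
]

def is_internal(host):
    """True for IP literals outside public address space and for local names.
    Names are not resolved here, so a public-looking name that resolves to an
    internal address is not caught by this check."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        name = host.lower()
        return name == "localhost" or name.endswith((".local", ".internal"))

def triage(line):
    """Return [(upfile_value, reason)] for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if target.path != ENDPOINT:
        return []  # only the endpoint from the advisory is in scope
    findings = []
    for value in parse_qs(target.query).get("upfile", []):  # percent-decoded
        dest = urlsplit(value)
        if dest.scheme not in ("http", "https"):
            findings.append((value, "non-HTTP scheme"))
        elif is_internal(dest.hostname or ""):
            findings.append((value, "internal destination"))
    return findings

def scan(lines):
    """Return (line_number, upfile_value, reason) for every flagged request."""
    return [(n, v, r) for n, line in enumerate(lines, 1) for v, r in triage(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
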

Details

CVE ID: CVE-2026-3026
Severity: High
CVSS Score: 7.3
Type: server_side_request_forgery
Status: confirmed

CWE

  • CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L