Platform: java
Component: ueditor
Fixed in: 3.7.1
CVE-2026-3026 describes a server-side request forgery (SSRF) vulnerability discovered in JEEWMS 3.7. The flaw resides in the UEditor component, specifically the /plug-in/ueditor/jsp/getRemoteImage.jsp endpoint. An attacker who controls the 'upfile' parameter can make the server fetch a URL of their choosing, potentially leading to unauthorized access to internal resources and data exposure. The vulnerability affects JEEWMS version 3.7, and a fix is pending.
The SSRF vulnerability in JEEWMS 3.7 lets an attacker craft requests through the upfile parameter of the /plug-in/ueditor/jsp/getRemoteImage.jsp endpoint, causing the server to initiate requests to internal resources that are otherwise unreachable from the outside. An attacker could use this to scan internal networks, read data held on internal servers, or interact with internal APIs. The impact extends beyond data exposure: the server can act as a proxy that bypasses firewall boundaries and reaches restricted services. The public disclosure of this issue makes widespread exploitation more likely.
This vulnerability was publicly disclosed on 2026-02-23. The description indicates the exploit has been disclosed to the public, increasing the likelihood of active exploitation. The lack of vendor response raises concerns about timely patching. The vulnerability is not currently listed on CISA KEV, but its public nature warrants close monitoring. Public proof-of-concept code is likely to emerge, further increasing the risk.
Exploit Status:
EPSS: 0.05% (15th percentile)
CISA SSVC:
CVSS Vector:
Because the advisory does not provide a fixed version, immediate mitigation is crucial. Implement a Web Application Firewall (WAF) rule that blocks requests to /plug-in/ueditor/jsp/getRemoteImage.jsp carrying suspicious or unexpected values in the upfile parameter. Restrict network access to the JEEWMS server, limiting outbound connections to the services it actually needs. Review and audit the UEditor configuration against security best practices. Monitor access logs for unusual activity involving the getRemoteImage.jsp endpoint. After applying these mitigations, verify their effectiveness by attempting to trigger the SSRF vulnerability with a controlled request.
Update the UEditor library to a patched version that resolves the Server-Side Request Forgery (SSRF) vulnerability. If a patched version is not available, implement robust validations and filters on the 'upfile' parameter to prevent URL manipulation and restrict access to internal resources.
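The 'upfile' validation recommended above, as an added example that is not UEditor's or JEEWMS's code: a hypothetical RemoteImageUrlValidator that accepts only http/https URLs and refuses any URL whose host resolves to a loopback, link-local, private, multicast, CGNAT or IPv6 unique-local address. It returns the vetted address so the image fetch connects to exactly what was checked rather than resolving the name a second time.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;

/** Hypothetical allow-list validator for the 'upfile' URL; not part of UEditor or JEEWMS. */
public final class RemoteImageUrlValidator {
    /** Returns the address the fetcher may connect to, or null if the URL must be refused. */
    public static InetAddress validate(String upfile) {
        final URI uri;
        try {
            uri = new URI(upfile);
        } catch (Exception e) {   // URISyntaxException, or NullPointerException on null input
            return null;
        }
        // Only plain web schemes: refuses file:, ftp:, jar:, gopher: and similar fetch targets.
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return null;
        }
        // getHost() is null when java.net.URI cannot parse a server-based host; a userinfo part
        // ("user@host") is refused outright; getAllByName() strips the [] around IPv6 literals.
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null || host.equalsIgnoreCase("localhost")) {
            return null;
        }
        final InetAddress[] addrs;
        try {
            addrs = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            return null;
        }
        // Every record must be publicly routable: a single internal answer rejects the whole request.
        for (InetAddress a : addrs) {
            if (a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                    || a.isSiteLocalAddress() || a.isMulticastAddress() || isOtherReservedRange(a)) {
                return null;
            }
        }
        // The caller connects to this address (Host header = host) instead of resolving again, and
        // must run validate() on every redirect target rather than letting the client follow them.
        return addrs[0];
    }

    /** Ranges InetAddress does not flag as local: CGNAT 100.64.0.0/10 and IPv6 ULA fc00::/7. */
    private static boolean isOtherReservedRange(InetAddress a) {
        byte[] b = a.getAddress();
        if (b.length == 4) return (b[0] & 0xFF) == 100 && (b[1] & 0xC0) == 0x40;
        return b.length == 16 && (b[0] & 0xFE) == 0xFC;
    }
}
```

Pair this with the outbound network restrictions the mitigation section describes; host-based checks alone do not stop a DNS answer that changes between validation and fetch unless the fetcher uses the returned address.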
CVE-2026-3026 is a server-side request forgery (SSRF) vulnerability affecting JEEWMS version 3.7, allowing attackers to make unauthorized requests through the /plug-in/ueditor/jsp/getRemoteImage.jsp endpoint.
If you are running JEEWMS version 3.7 and have not applied a fix, you are potentially vulnerable to this SSRF attack. Immediate mitigation steps are recommended.
A specific fix version is not provided. Implement WAF rules, restrict network access, and monitor logs as immediate mitigations until a patch is available.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems closely and implement mitigations immediately.
Due to the lack of vendor response, an official advisory is currently unavailable. Monitor the JEEWMS website and security mailing lists for updates.