Platform: java
Component: ueditor
Fixed in: 3.7.1
CVE-2026-3026 describes a server-side request forgery (SSRF) vulnerability discovered in JEEWMS 3.7. This flaw resides within the UEditor component, specifically the /plug-in/ueditor/jsp/getRemoteImage.jsp endpoint. Successful exploitation allows an attacker to manipulate the 'upfile' parameter, potentially leading to unauthorized access to internal resources and data exposure. The vulnerability affects JEEWMS version 3.7 and a fix is pending.
The SSRF vulnerability in JEEWMS 3.7 allows an attacker to craft malicious requests through the upfile parameter within the /plug-in/ueditor/jsp/getRemoteImage.jsp endpoint. This can be leveraged to make the server initiate requests to internal resources that are otherwise inaccessible from the outside. An attacker could potentially scan internal networks, access sensitive data stored on internal servers, or even interact with internal APIs. The impact extends beyond simple data exposure; an attacker could potentially use the server as a proxy to bypass firewalls and access restricted services. This vulnerability is particularly concerning given its public disclosure and the potential for widespread exploitation.
This vulnerability was publicly disclosed on 2026-02-23. The description indicates the exploit has been disclosed to the public, increasing the likelihood of active exploitation. The lack of vendor response raises concerns about timely patching. The vulnerability is not currently listed on CISA KEV, but its public nature warrants close monitoring. Public proof-of-concept code is likely to emerge, further increasing the risk.
Organizations using JEEWMS 3.7, particularly those with exposed UEditor instances or internal services accessible via the JEEWMS server, are at significant risk. Shared hosting environments where JEEWMS is deployed alongside other applications are also vulnerable, as a compromise of one instance could potentially lead to lateral movement and impact other tenants.
• java / server:
  journalctl -u jeeewms -f | grep "getRemoteImage.jsp"
• generic web:
  curl -I "<JEEWMS_URL>/plug-in/ueditor/jsp/getRemoteImage.jsp?upfile=http://internal.server/sensitive_data.txt"
• generic web:
  grep -r 'getRemoteImage.jsp' /var/log/apache2/access.log
EPSS: 0.05% (15th percentile)
Due to the lack of a provided fixed_in version, immediate mitigation strategies are crucial. Implement a Web Application Firewall (WAF) rule to block requests to /plug-in/ueditor/jsp/getRemoteImage.jsp with suspicious or unexpected values in the upfile parameter. Restrict network access to the JEEWMS server, limiting outbound connections to only necessary services. Thoroughly review and audit the UEditor configuration, ensuring that it adheres to security best practices. Monitor access logs for unusual activity related to the getRemoteImage.jsp endpoint. After applying these mitigations, verify their effectiveness by attempting to trigger the SSRF vulnerability with a controlled request.
Update the UEditor library to a patched version that fixes the Server-Side Request Forgery (SSRF) vulnerability. If no patched version is available, implement robust validation and filtering of the 'upfile' parameter to prevent URL manipulation and to restrict access to internal resources.
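The mitigation paragraph above and the remediation note both come down to validating 'upfile' before the server fetches it. What follows is an added example written for this page, not JEEWMS or UEditor code; the class and method names are invented, and it assumes the image fetcher can be pointed at the address the check returns.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;
/** Added example, not JEEWMS/UEditor code: gate a remote-image URL before the server fetches it. */
public final class RemoteImageUrlCheck {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");
    /** Returns the resolved, validated address the fetcher must connect to, or null to reject; handing
     *  back the InetAddress rather than a boolean lets the caller connect to exactly what was checked. */
    public static InetAddress checkedTarget(String upfile) {
        if (upfile == null) return null;
        final URI uri;
        try {
            uri = new URI(upfile);
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // Drops file:, jar:, gopher:, scheme-less values and anything without a parseable host.
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase()) || host == null) return null;
        // "user:pass@host" forms defeat naive "does the string contain our domain" checks.
        if (uri.getUserInfo() != null) return null;
        InetAddress[] addrs;
        try {
            addrs = InetAddress.getAllByName(host); // literal IPs (including [::1]) resolve without DNS
        } catch (UnknownHostException e) {
            return null;
        }
        for (InetAddress a : addrs) {
            if (!isPublic(a)) return null; // one internal answer rejects the whole name
        }
        return addrs[0];
    }
    /** Any, loopback, link-local (169.254.169.254 included), RFC 1918/site-local, ULA and multicast are out. */
    static boolean isPublic(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) return false;
        // isSiteLocalAddress() only covers fec0::/10 for IPv6; unique-local fc00::/7 needs its own test.
        return !(a instanceof Inet6Address && (a.getAddress()[0] & 0xfe) == 0xfc);
    }
    public static void main(String[] args) { // constructed inputs, literals only, so this runs offline
        for (String u : new String[] {"http://127.0.0.1/a.png", "http://169.254.169.254/latest/", "http://[::1]/",
                "http://10.0.0.5/a.png", "file:///etc/passwd", "http://user@203.0.113.10/", "http://203.0.113.10/a.png"})
            System.out.println(u + " -> " + (checkedTarget(u) == null ? "blocked" : "allowed"));
    }
}
```

The fetcher must connect to the returned address rather than re-resolving the hostname, and must not follow HTTP redirects without running the check again on the new location; both are assumptions about the surrounding code, not documented JEEWMS behaviour.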
CVE-2026-3026 is a server-side request forgery (SSRF) vulnerability affecting JEEWMS version 3.7, allowing attackers to make unauthorized requests through the /plug-in/ueditor/jsp/getRemoteImage.jsp endpoint.
If you are running JEEWMS version 3.7 and have not applied a fix, you are potentially vulnerable to this SSRF attack. Immediate mitigation steps are recommended.
A specific fix version is not provided. Implement WAF rules, restrict network access, and monitor logs as immediate mitigations until a patch is available.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems closely and implement mitigations immediately.
Due to the lack of vendor response, an official advisory is currently unavailable. Monitor the JEEWMS website and security mailing lists for updates.