{"uuid": "d8a49e35-65a1-40d2-af18-b71aea4ebf4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-36418", "type": "seen", "source": "https://gist.github.com/Catherines77/e3db95f913ab9449cf01bab153a09f48", "content": "[CVE ID]\nCVE-2026-36418\n[PRODUCT]\nhttps://github.com/jeecgboot/jimureport\n[VERSION]\nV2.3.4\n[PROBLEM TYPE]\nRemote Code Execution (RCE)\n[DESCRIPTION]\nJimuReport versions 2.3.4 and below at `/jmreport/executeSelectApi` API do not effectively restrict user input, directly delegating it to the `execute` method of the aviator expression, which leads to aviator expression injection.", "creation_timestamp": "2026-06-16T08:57:04.000000Z"}