A high-severity vulnerability tracked as CVE-2026-58375 affects JimuReport through version 2.5.0, allowing unauthenticated remote attackers to access the POST /jmreport/auto/export endpoint and export report contents without logging in. The issue stems from the endpoint being annotated with @JimuNoLoginRequired, which causes JimuReportTokenInterceptor to skip authentication and authorization checks.
Researchers said the export service also does not verify the auto-export configuration flag before returning data, enabling attackers to enumerate Snowflake report identifiers and retrieve arbitrary report contents. Exposed data can include SQL query results and credentials embedded in report data sources, creating a significant information disclosure risk. The flaw is rated 8.7 CVSS 4.0 and 7.5 CVSS 3.1, and organizations using JimuReport are advised to update to a patched or latest available version and review access controls on sensitive endpoints.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
A high-severity information disclosure and authentication bypass vulnerability affecting JimuReport through version 2.5.0 was publicly disclosed. The flaw in the POST /jmreport/auto/export endpoint allows unauthenticated attackers to enumerate Snowflake report identifiers and export arbitrary report contents, including SQL query results and embedded credentials.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcevulncheck.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.