CVE-2026-11469

MEDIUM 4.7

jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig server-side request forgery

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to server-side request forgery. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-918
Vendor	jishenghua
Product	jsherp
Published	Jun 7, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for jishenghua jsherp

Be the first to know when new medium vulnerabilities affecting jishenghua jsherp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

jishenghua / jshERP

3.0 3.1 3.2 3.3 3.4 3.5 3.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369089 vuldb.com: https://vuldb.com/vuln/369089/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11469 vuldb.com: https://vuldb.com/submit/833815 github.com: https://github.com/jishenghua/jshERP/issues/155 github.com: https://github.com/jishenghua/jshERP/

Credits

🔍 Ana10gy (VulDB User) VulDB CNA Team