CVE-2026-11467
5.4 MEDIUMA security vulnerability has been detected in jishenghua jshERP up to 3.6
Published: 2026-06-08 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 5.4 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
- CWE
- CWE-22
Description
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the argument fileName leads to path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11467
- [Other]https://github.com/jishenghua/jshERP/
- [Other]https://github.com/jishenghua/jshERP/issues/154
- [Other]https://vuldb.com/cve/CVE-2026-11467
- [Other]https://vuldb.com/submit/833656
- [Other]https://vuldb.com/vuln/369087
- [Other]https://vuldb.com/vuln/369087/cti
Related CVEs
Same CWE
- CVE-2026-52726 — Dulwich is a pure-Python implementation of the Git file formats and protocols (7.5 HIGH)
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47712 — Dulwich is a pure-Python implementation of the Git file formats and protocols (3.3 LOW)
- CVE-2026-46703 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (9.6 CRITICAL)
- CVE-2026-42305 — Dulwich is a pure-Python implementation of the Git file formats and protocols (8.8 HIGH)