PatchSiren cyber security CVE debrief
CVE-2026-11458 erzhongxmu CVE debrief
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor
- erzhongxmu
- Product
- JeeWMS
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-07
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-07
- Advisory updated
- 2026-06-08
Who should care
Users of erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69 should be aware of this information disclosure vulnerability.
Technical summary
The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. It is classified as CWE-200 and CWE-284.
Defensive priority
MEDIUM
Recommended defensive actions
- Review and update erzhongxmu JeeWMS to the latest version, if available.
- Restrict access to the /base-boot/actuator endpoint.
- Monitor for suspicious activity on the affected system.
Evidence notes
The CVE record was published on 2026-06-07T09:16:22.050Z and modified on 2026-06-08T14:57:14.757Z. The vulnerability was reported by an unknown vendor.
Official resources
CVE-2026-11458 was published on 2026-06-07T09:16:22.050Z and modified on 2026-06-08T14:57:14.757Z.