PatchSiren cyber security CVE debrief
CVE-2026-11435 Jinher CVE debrief
A SQL injection vulnerability has been detected in Jinher OA 1.0. The vulnerability affects an unknown function of the file nextselectplan.aspx. Manipulation of the argument httpOID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor
- Jinher
- Product
- OA
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-06
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-06
- Advisory updated
- 2026-06-08
Who should care
Users of Jinher OA 1.0 should be aware of this vulnerability and take necessary precautions to protect their systems.
Technical summary
The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. It is classified as CWE-74 and CWE-89.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates as soon as they are available.
- Use prepared statements or parameterized queries to prevent SQL injection.
- Limit access to the affected file and monitor for suspicious activity.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way. The exploit has been disclosed publicly and may be used.
Official resources
CVE-2026-11435 was published on 2026-06-06T16:16:54.550Z and modified on 2026-06-08T14:57:14.757Z.