PatchSiren cyber security CVE debrief
CVE-2026-11469 jishenghua CVE debrief
A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to server-side request forgery. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
- Vendor
- jishenghua
- Product
- jshERP
- CVSS
- LOW 2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of jishenghua jshERP up to 3.6
Technical summary
The vulnerability has a CVSS score of 2 and a CVSS severity of LOW. It is related to CWE-918.
Defensive priority
Low
Recommended defensive actions
- Update to a version of jishenghua jshERP that is not vulnerable
- Restrict access to the platformConfig Add Endpoint
Evidence notes
Vendor and Product information could not be confirmed.
Official resources
CVE-2026-11469 was published on 2026-06-08T00:16:42.580Z and modified on 2026-06-08T14:57:14.757Z.