CVE-2026-11469 | jishenghua jshERP up to 3.6 platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig platformValue server-side request forgery (Issue 155)

A vulnerability was found in jishenghua jshERP up to 3.6. It has been declared as critical. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to server-side request forgery.

This vulnerability appears as CVE-2026-11469. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More