CVE-2026-1218 | Bjskzy Zhiyou ERP up to 11.0 com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference

A vulnerability classified as problematic has been found in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference.

This vulnerability is reported as CVE-2026-1218. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1218 | Bjskzy Zhiyou ERP up to 11.0 com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference

Post correlati

CVE-2024-40560 | Tmall Demo prior 2024.07.03 sql injection

CVE-2025-12416 | Pagerank Tools Plugin up to 1.1.5 on WordPress pr_save_settings cross-site request forgery

CVE-2022-43880 | IBM QRadar WinCollect Agent up to 10.1.2 resource consumption (XFDB-240151)

CVE-2024-11008 | Members Plugin up to 3.2.10 on WordPress information disclosure