{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1218", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-19T23:19:20.859Z", "datePublished": "2026-01-20T05:32:07.224Z", "dateUpdated": "2026-02-23T08:52:03.555Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:52:03.555Z"}, "title": "Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-611", "lang": "en", "description": "XML External Entity Reference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-610", "lang": "en", "description": "Externally Controlled Reference"}]}], "affected": [{"vendor": "Bjskzy", "product": "Zhiyou ERP", "versions": [{"version": "11.0", "status": "affected"}], "modules": ["com.artery.richclient.RichClientService"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-20T08:20:29.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dptcc (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.341908", "name": "VDB-341908 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341908", "name": "VDB-341908 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.735201", "name": "Submit #735201 | Bjskzy Enterprise Resource Planning Software 11.0 XML External Entity Reference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dingpotian/cve-vul/blob/main/Shikong-Zhiyou-ERP/Shikong-Zhiyou-ERP-XXE-RichClientService-initRCForm.md", "tags": ["broken-link", "exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T20:21:32.301398Z", "id": "CVE-2026-1218", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T20:22:43.926Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1218", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T20:21:32.301398Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T20:22:38.929Z"}}], "cna": {"title": "Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference", "credits": [{"lang": "en", "type": "reporter", "value": "dptcc (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Bjskzy", "modules": ["com.artery.richclient.RichClientService"], "product": "Zhiyou ERP", "versions": [{"status": "affected", "version": "11.0"}]}], "timeline": [{"lang": "en", "time": "2026-01-19T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-20T08:20:29.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.341908", "name": "VDB-341908 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341908", "name": "VDB-341908 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.735201", "name": "Submit #735201 | Bjskzy Enterprise Resource Planning Software 11.0 XML External Entity Reference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dingpotian/cve-vul/blob/main/Shikong-Zhiyou-ERP/Shikong-Zhiyou-ERP-XXE-RichClientService-initRCForm.md", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "XML External Entity Reference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-610", "description": "Externally Controlled Reference"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:52:03.555Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1218", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:52:03.555Z", "dateReserved": "2026-01-19T23:19:20.859Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-20T05:32:07.224Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en Bjskzy Zhiyou ERP hasta 11.0. Afectada es la funci\u00f3n initRCForm del archivo RichClientService.class del componente com.artery.richclient.RichClientService. Realizar una manipulaci\u00f3n resulta en referencia a entidad externa XML. El ataque es posible de ser llevado a cabo remotamente. El exploit es ahora p\u00fablico y puede ser usado. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-1218", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-20T06:16:00.797", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/dingpotian/cve-vul/blob/main/Shikong-Zhiyou-ERP/Shikong-Zhiyou-ERP-XXE-RichClientService-initRCForm.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.341908"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.341908"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.735201"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}, {"lang": "en", "value": "CWE-611"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T19:03:35.901330+00:00", "value": {"mitigation_remediation": ["Configure the XML parser to disallow external entity resolution, such as disabling DOCTYPE declarations or providing a null entity resolver.", "Limit access to the RichClientService endpoint to trusted hosts only and monitor for unusual XML payloads or attempts to resolve external entities.", "Apply a vendor update or patch as soon as one is released that mitigates the XXE flaw in RichClientService."], "summary": {"action": "Mitigate", "impact": "Information Disclosure via XML External Entity"}, "threat_synthesis": {"affected_systems": "Vendor Bjskzy\u2019s Zhiyou ERP versions 11.0 and earlier are vulnerable. The issue resides in com.artery.richclient.RichClientService and affects any deployment that uses the initRCForm RPC endpoint.", "description_and_impact": "The flaw is in the initRCForm method of the RichClientService component, where XML input is parsed without restricting external entity resolution. An attacker can supply crafted XML that forces the server to read internal files or reach out to arbitrary network destinations, exposing confidential data. Based on the description, it is inferred that this could enable server\u2011side request forgery. This weakness is classified as CWE\u2011610 and CWE\u2011611.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 5.3, indicating moderate severity, and an EPSS score of less than 1\u202f%, suggesting a low likelihood of exploitation in the near future. The flaw is not listed in the CISA KEV catalog. The attack vector is remote, requiring only the ability to send XML data to the RichClientService interface; no authentication or privileged access is explicitly mentioned in the description."}}}}, "created": "2026-01-20T08:39:56.922263+00:00", "updated": "2026-04-18T19:15:10.601818+00:00", "vendors": ["bjskzy", "bjskzy$PRODUCT$zhiyou_erp"]}