PT-2026-3539 · Unknown · Bjskzy Zhiyou Erp
Dptcc · Published 2026-01-20 · Updated 2026-01-20 · CVE-2026-1218
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Bjskzy Zhiyou ERP versions prior to 11.0
Description
A flaw exists in Bjskzy Zhiyou ERP that allows XML external entity (XXE) reference manipulation. The issue is present in the initRCForm function within the RichClientService.class file of the com.artery.richclient.RichClientService component. The attack can be carried out remotely. The exploit is publicly available. The vendor was notified but did not respond.
Recommendations
Versions prior to 11.0 should be updated. As a temporary workaround, consider restricting access to the RichClientService component to minimize the risk of exploitation.
Exploit
Fix
XXE
Related identifiers
Affected products
Bjskzy Zhiyou Erp