CVE-2026-1218
Unknown Unknown - Not Provided
XML External Entity Injection in Bjskzy Zhiyou ERP Remote Exploit

Publication date: 2026-01-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1218
EUVD
EUVD-2026-3468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
beijing_shikong_zhiyou_technology_co_ltd bjskzy_zhiyou_erp to 11.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1218 is an XML External Entity (XXE) injection vulnerability in Bjskzy Zhiyou ERP up to version 11.0. It affects the function initRCForm in the RichClientService.class file. The vulnerability allows an attacker to manipulate XML parsing to reference external entities, which can cause the system to embed unauthorized external documents into its output. This flaw can be exploited remotely without requiring physical or local access, and a proof-of-concept exploit is publicly available. [1, 2]

Impact Analysis

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected system. An attacker exploiting this XXE flaw can gain unauthorized access to sensitive data, cause denial of service, or potentially execute remote code depending on the payload and system configuration. The attack is remotely executable and considered easy to perform, which increases the risk of exploitation. [1, 2]

Detection Guidance

Detection of this vulnerability involves monitoring for XML External Entity (XXE) injection attempts targeting the initRCForm function of the RichClientService component. Since the exploit is public and targets XML processing, network detection can include inspecting XML payloads for external entity references. Specific commands are not provided in the resources, but general approaches include using network intrusion detection systems (NIDS) with signatures for XXE attacks, or analyzing application logs for suspicious XML input. Additionally, scanning the Bjskzy Zhiyou ERP version 11.0 installations for the vulnerable component can help identify exposure. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Bjskzy Zhiyou ERP product with an alternative solution, as no vendor patches or countermeasures have been provided. Users should review their ERP deployments and consider disabling or restricting access to the vulnerable initRCForm function if possible. Monitoring for exploit attempts and limiting network exposure of the ERP system can also reduce risk. Applying general XML parser hardening to disable external entity processing may help if configurable. Since a proof-of-concept exploit is public, urgent action is recommended. [1, 2]

Compliance Impact

The vulnerability allows unauthorized data access and system compromise through XML External Entity injection, impacting confidentiality, integrity, and availability of the system. Since Bjskzy ERP is used in regulated industries such as pharmaceuticals and supply chain, this vulnerability could lead to non-compliance with industry regulations like Good Supply Practice (GSP) standards. Although GDPR or HIPAA are not explicitly mentioned, the potential for data disclosure and system compromise implies risks to compliance with data protection regulations that require safeguarding sensitive information. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1218. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart