A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-200CWE-284
erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
Problem type
Affected products
erzhongxmu
JeeWMS
141740afb2ba14d441c82a833d0a418d07ca2d69 - AFFECTED
References
VDB-369077 | erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
https://vuldb.com/vuln/369077
VDB-369077 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369077/cti
CVE-2026-11458 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11458
Submit #828538 | 广州华壹智能科技有限公司 JEEWMS latest Unauthorized Sensitive Information Disclosure
https://vuldb.com/submit/828538
github.com
https://github.com/0d000721999/evc1/issues/2
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11458Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11458",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-07T08:00:10.756Z",
"dateReserved": "2026-06-06T16:02:06.216Z",
"datePublished": "2026-06-07T08:00:10.756Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-07T08:00:10.756Z"
},
"title": "erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure",
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "erzhongxmu",
"product": "JeeWMS",
"cpes": [
"cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
],
"modules": [
"Boot Actuator Endpoint"
],
"versions": [
{
"version": "141740afb2ba14d441c82a833d0a418d07ca2d69",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Information Disclosure",
"cweId": "CWE-200",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Improper Access Controls",
"cweId": "CWE-284",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/369077",
"name": "VDB-369077 | erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/vuln/369077/cti",
"name": "VDB-369077 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11458",
"name": "CVE-2026-11458 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/828538",
"name": "Submit #828538 | 广州华壹智能科技有限公司 JEEWMS latest Unauthorized Sensitive Information Disclosure",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/0d000721999/evc1/issues/2",
"tags": [
"exploit",
"issue-tracking"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 5
}
}
],
"timeline": [
{
"time": "2026-06-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-06T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-06T18:07:17.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "0d00 (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}