Home > Vulnerability Database > CVE-2026-1549

Mend.io Vulnerability Database

CVE-2026-1549

Good to know:

Date: January 28, 2026

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Severity Score

4.3

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-1549

Url: https://github.com/jishenghua/jshERP/issues/146

Url: https://vuldb.com/?submit.739805

Url: https://vuldb.com/?id.343245

Url: https://github.com/jishenghua/jshERP/

Url: https://vuldb.com/?ctiid.343245

Url: https://github.com/jishenghua/jshERP/issues/146#issue-3817997461

Url: https://www.mend.io/vulnerability-database/CVE-2026-1549

Severity Score

4.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2026-1549

Good to know:

Date: January 28, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?