Which versions of Jinher OA are affected by CVE-2026-7670?

Jinher OA 1.0 contains a critical SQL injection vulnerability in the UserSel.aspx component that allows unauthenticated remote attackers to access and manipulate the database directly, potentially…

Is there a public PoC exploit available for CVE-2026-7670?

Yes, a public proof-of-concept exploit is available for CVE-2026-7670. Prioritise patching immediately. EPSS: 0.0%.

Jinher OA CVE-2026-7670

Q: What is the CVSS score of CVE-2026-7670?

CVE-2026-7670 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

SQL Injection (CWE-89)

2026-05-02 VulDB

SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:19 vuln.today

Public exploit code

Severity Changed

May 02, 2026 - 23:22 NVD

HIGH MEDIUM

CVSS changed

May 02, 2026 - 23:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 02, 2026 - 23:00 vuln.today

Analysis Generated

May 02, 2026 - 22:30 vuln.today

CVE Published

May 02, 2026 - 22:15 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in Jinher OA 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the DeptIDList parameter in UserSel.aspx. The vulnerability permits unauthorized database access with potential for data exfiltration, modification, and limited system compromise. …

RemediationAI

Within 24 hours: Identify all instances of Jinher OA 1.0 in your environment and isolate affected systems from production networks or restrict network access to UserSel.aspx endpoints. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns targeting the DeptIDList parameter, and conduct database access logs review for signs of exploitation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7670 vulnerability details – vuln.today

Back

Jinher OA CVE-2026-7670

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Jinher OA CVE-2026-7670

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code