CVE Catalog

CVE-2026-12788

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

A vulnerability was identified in the ADP platform by zhilink (深圳)科技有限公司 version 1.0.0, affecting unknown code in the file /adpweb/a/base/barcodeDetail/import related to the XML parser. This manipulation leads to the exploitation of XML external entity references, allowing for remote attacks.

Risk Assessment

The risk to the organization involves the potential for remote attacks, which could lead to data exposure or system compromise. The public disclosure of the vulnerability increases the likelihood of it being exploited by potential attackers.

Recommendation

It is recommended to immediately update the ADP platform to the latest version to eliminate this vulnerability. A security audit of the system should also be conducted to identify potential threats.

Original NVD description (English source)

A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS