Description
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An XML Parser used by ADP Application Developer Platform processes user supplied XML documents via the /adpweb/a/base/barcodeDetail/import endpoint. Because the parser accepts XML external entity references, an attacker can supply a crafted XML payload that causes the server to access arbitrary resources or trigger resource exhaustion. This flaw is identified as External Entity Injection (CWE-611) and can lead to the disclosure of internal files, denial of service, or other side‑channel attacks. The vulnerability is publicly known and can be triggered remotely through normal HTTP requests to the vulnerable endpoint.

Affected Systems

The affected product is zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 version 1.0.0. No additional vendor product versions were specified. Any deployment of this platform that includes the /adpweb/a/base/barcodeDetail/import XML parser is susceptible.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The flaw can be exploited remotely over the network by sending a malicious XML payload to the exposed endpoint. Because the issue resides in parsing code that runs with application privileges, a successful exploitation could enable an attacker to read sensitive files or induce denial of service. The typical attack vector is over HTTP or HTTPS to the web application. The overall risk is moderate, but the lack of immediate remediation from the vendor heightens the urgency of applying mitigations.

Generated by OpenCVE AI on June 21, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install a patched version of the ADP Application Developer Platform once the vendor releases one
  • Configure the XML parser to disable external entity resolution or limit the entity namespace to prevent the attack from succeeding
  • Apply network segmentation or firewall rules to restrict access to the /adpweb/a/base/barcodeDetail/import endpoint so only trusted systems can reach it

Generated by OpenCVE AI on June 21, 2026 at 10:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Zhilink
Zhilink adp Application Developer Platform
Vendors & Products Zhilink
Zhilink adp Application Developer Platform

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 XML Parser import xml external entity reference
First Time appeared Zhilink
Zhilink adp Application Developer Platform
Weaknesses CWE-610
CWE-611
CPEs cpe:2.3:a:zhilink_:adp_application_developer_platform_:*:*:*:*:*:*:*:*
Vendors & Products Zhilink
Zhilink adp Application Developer Platform
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Zhilink Adp Application Developer Platform
Zhilink Adp Application Developer Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T17:54:58.815Z

Reserved: 2026-06-20T09:58:43.177Z

Link: CVE-2026-12788

cve-icon Vulnrichment

Updated: 2026-06-22T17:54:46.697Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:00:08Z

Weaknesses
  • CWE-610

    Externally Controlled Reference to a Resource in Another Sphere

  • CWE-611

    Improper Restriction of XML External Entity Reference