A vulnerability, which was classified as critical , was found in Jinher OA 1.0 . This affects an unknown function of the file nextselectplan.aspx . Such manipulation of the argument httpOID leads to sql injection. This vulnerability is traded as CVE-2026-11435 . The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.