Common Weakness Enumeration

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2026-2536 (GCVE-0-2026-2536)

Vulnerability from cvelistv5 – Published: 2026-02-16 05:02 – Updated: 2026-02-23 10:05
VLAI
Title
opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference
Summary
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
URL Tags
https://vuldb.com/?id.346124 vdb-entrytechnical-description
https://vuldb.com/?ctiid.346124 signaturepermissions-required
https://vuldb.com/?submit.748807 third-party-advisory
https://vuldb.com/?submit.748808 third-party-advisory
https://gitee.com/opencc/JFlow/issues/IDN7GT exploitissue-tracking
https://gitee.com/opencc/JFlow/ product
Impacted products
Vendor Product Version
opencc JFlow Affected: 20260129
Create a notification for this product.
Credits
MaoQiu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2536",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T17:05:07.890851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T17:05:15.429Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Workflow Engine"
          ],
          "product": "JFlow",
          "vendor": "opencc",
          "versions": [
            {
              "status": "affected",
              "version": "20260129"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "MaoQiu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T10:05:58.889Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-346124 | opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.346124"
        },
        {
          "name": "VDB-346124 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.346124"
        },
        {
          "name": "Submit #748807 | https://gitee.com/opencc/JFlow JFlow latest version XML External Entity Injection (XXE)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.748807"
        },
        {
          "name": "Submit #748808 | https://gitee.com/opencc/JFlow JFlow latest version XML External Entity Injection (XXE) (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.748808"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://gitee.com/opencc/JFlow/issues/IDN7GT"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://gitee.com/opencc/JFlow/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-20T07:24:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2536",
    "datePublished": "2026-02-16T05:02:14.100Z",
    "dateReserved": "2026-02-15T09:19:07.190Z",
    "dateUpdated": "2026-02-23T10:05:58.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26171 (GCVE-0-2026-26171)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-06-30 12:08
VLAI
Title
.NET Denial of Service Vulnerability
Summary
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-611 - Improper Restriction of XML External Entity Reference
  • CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
URL Tags
https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisorypatch
https://access.redhat.com/security/cve/CVE-2026-26171 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2457739 issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:13281 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13280 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8467 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8470 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8472 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8473 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8468 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8475 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13693 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13283 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13282 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8471 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8469 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8474 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9077 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9080 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9205 vendor-advisoryx_refsource_REDHAT
Impacted products
Vendor Product Version
Microsoft .NET 10.0 Affected: 10.0.0 , < 10.0.6 (custom)
Create a notification for this product.
Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.26 (custom)
Create a notification for this product.
Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.15 (custom)
Create a notification for this product.
Microsoft PowerShell 7.5 Affected: 7.5.0 , < 7.5.6 (custom)
Create a notification for this product.
Microsoft PowerShell 7.6 Affected: 7.6.0 , < 7.6.1 (custom)
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
Create a notification for this product.
Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
Create a notification for this product.
Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
Create a notification for this product.
Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
Create a notification for this product.
Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Date Public
2026-04-14 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T18:53:29.483401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T18:53:37.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CRB (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-14T18:39:18.599Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-776",
                "description": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:08:12.004Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-26171"
          },
          {
            "name": "RHBZ#2457739",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457739"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26171.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13281"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13280"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8467"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8470"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8472"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8473"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8475"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13693"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13283"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13282"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8471"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8474"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9077"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9080"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9205"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:13281: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13280: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8467: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8472: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8473: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8468: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8475: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13693: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13283: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13282: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8471: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8469: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8474: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9077: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9080: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9205: Red Hat Hardened Images"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-13T05:00:07.414Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-14T18:39:18.599Z",
            "value": "Made public."
          }
        ],
        "title": "dotnet: .NET: Security Bypass and Denial of Service Vulnerability",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET 10.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.6",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.26",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": ".NET 9.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "9.0.15",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PowerShell 7.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.5.6",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PowerShell 7.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.5.6",
                  "versionStartIncluding": "7.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.6",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.26",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "9.0.15",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.6.1",
                  "versionStartIncluding": "7.6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:08:51.778Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171"
        }
      ],
      "title": ".NET Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-26171",
    "datePublished": "2026-04-14T16:58:37.655Z",
    "dateReserved": "2026-02-11T18:33:57.776Z",
    "dateUpdated": "2026-06-30T12:08:12.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28809 (GCVE-0-2026-28809)

Vulnerability from cvelistv5 – Published: 2026-03-23 10:09 – Updated: 2026-05-27 15:41
VLAI
Title
XXE in esaml SAML library allows local file read and potential SSRF
Summary
XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages. This issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
EEF
Impacted products
Vendor Product Version
dropbox esaml     cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*
    cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*
    cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*
Create a notification for this product.
arekinath esaml     cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*
Create a notification for this product.
handnot2 esaml     cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*
Create a notification for this product.
dropbox esaml     cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*
Create a notification for this product.
Jump-App esaml Affected: 0 , < bab85efde7c136911402a881ca55173759467a26 (git)
Unaffected: bab85efde7c136911402a881ca55173759467a26 (git)
    cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Bryan Lynch Jonatan Männchen / EEF
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28809",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:07:17.488260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:52:46.187Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*",
            "cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*",
            "cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "affected",
          "packageName": "esaml",
          "packageURL": "pkg:hex/esaml",
          "product": "esaml",
          "vendor": "dropbox"
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "affected",
          "packageName": "arekinath/esaml",
          "packageURL": "pkg:github/arekinath/esaml",
          "product": "esaml",
          "repo": "https://github.com/arekinath/esaml.git",
          "vendor": "arekinath"
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "affected",
          "packageName": "handnot2/esaml",
          "packageURL": "pkg:github/handnot2/esaml",
          "product": "esaml",
          "repo": "https://github.com/handnot2/esaml.git",
          "vendor": "handnot2"
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "affected",
          "packageName": "dropbox/esaml",
          "packageURL": "pkg:github/dropbox/esaml",
          "product": "esaml",
          "repo": "https://github.com/dropbox/esaml.git",
          "vendor": "dropbox"
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "affected",
          "packageName": "Jump-App/esaml",
          "packageURL": "pkg:github/Jump-App/esaml",
          "product": "esaml",
          "repo": "https://github.com/Jump-App/esaml.git",
          "vendor": "Jump-App",
          "versions": [
            {
              "lessThan": "bab85efde7c136911402a881ca55173759467a26",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            },
            {
              "status": "unaffected",
              "version": "bab85efde7c136911402a881ca55173759467a26",
              "versionType": "git"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The application must use esaml to process SAML messages and run on Erlang/OTP versions before 27. Starting with OTP 27, \u003ctt\u003exmerl_scan\u003c/tt\u003e disables entity expansion by default, which mitigates this vulnerability."
            }
          ],
          "value": "The application must use esaml to process SAML messages and run on Erlang/OTP versions before 27. Starting with OTP 27, xmerl_scan disables entity expansion by default, which mitigates this vulnerability."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "bab85efde7c136911402a881ca55173759467a26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bryan Lynch"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jonatan M\u00e4nnchen / EEF"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\u003cp\u003eesaml parses attacker-controlled SAML messages using \u003ctt\u003exmerl_scan:string/2\u003c/tt\u003e before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\u003c/p\u003e\u003cp\u003eThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.\u003c/p\u003e"
            }
          ],
          "value": "XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\n\nesaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\n\nThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-201",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-201 Serialized Data External Linking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:41:20.808Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory",
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-28809.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-28809"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/Jump-App/esaml/commit/bab85efde7c136911402a881ca55173759467a26"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "XXE in esaml SAML library allows local file read and potential SSRF",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Erlang/OTP 27 or later. Starting with OTP 27, \u003ctt\u003exmerl_scan\u003c/tt\u003e disables entity expansion by default, which mitigates this vulnerability without changes to esaml."
            }
          ],
          "value": "Upgrade to Erlang/OTP 27 or later. Starting with OTP 27, xmerl_scan disables entity expansion by default, which mitigates this vulnerability without changes to esaml."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-28809",
    "datePublished": "2026-03-23T10:09:29.233Z",
    "dateReserved": "2026-03-03T14:40:00.590Z",
    "dateUpdated": "2026-05-27T15:41:20.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32251 (GCVE-0-2026-32251)

Vulnerability from cvelistv5 – Published: 2026-03-12 19:21 – Updated: 2026-03-13 16:15
VLAI
Title
Tolgee has an XXE Injection in Translation Import
Summary
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
tolgee tolgee-platform Affected: < 3.166.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32251",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-13T16:15:41.015285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-13T16:15:44.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-rcvv-64pq-vxfx"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tolgee-platform",
          "vendor": "tolgee",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.166.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don\u0027t disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-12T19:21:05.130Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-rcvv-64pq-vxfx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-rcvv-64pq-vxfx"
        },
        {
          "name": "https://github.com/tolgee/tolgee-platform/commit/7c71d5a849c9984a8c5c55b121992417442a47a5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tolgee/tolgee-platform/commit/7c71d5a849c9984a8c5c55b121992417442a47a5"
        },
        {
          "name": "https://github.com/tolgee/tolgee-platform/releases/tag/v3.166.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tolgee/tolgee-platform/releases/tag/v3.166.3"
        }
      ],
      "source": {
        "advisory": "GHSA-rcvv-64pq-vxfx",
        "discovery": "UNKNOWN"
      },
      "title": "Tolgee has an XXE Injection in Translation Import"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-32251",
    "datePublished": "2026-03-12T19:21:05.130Z",
    "dateReserved": "2026-03-11T14:47:05.686Z",
    "dateUpdated": "2026-03-13T16:15:44.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33737 (GCVE-0-2026-33737)

Vulnerability from cvelistv5 – Published: 2026-04-10 19:05 – Updated: 2026-04-13 16:02
VLAI
Title
Chamilo LMS has an XML External Entity (XXE) Injection
Summary
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
chamilo chamilo-lms Affected: < 1.11.38
Affected: >= 2.0.0-alpha.1, < 2.0.0-RC.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33737",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T16:01:59.171472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T16:02:10.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "chamilo-lms",
          "vendor": "chamilo",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.38"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0-alpha.1, \u003c 2.0.0-RC.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T19:05:08.873Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-c4ww-qgf2-v89j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-c4ww-qgf2-v89j"
        },
        {
          "name": "https://github.com/chamilo/chamilo-lms/commit/22b1cb1c609b643765c88654155aba27070c927e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chamilo/chamilo-lms/commit/22b1cb1c609b643765c88654155aba27070c927e"
        },
        {
          "name": "https://github.com/chamilo/chamilo-lms/commit/af6b7002af7c15825e98fc522e2ead0d00cacaa3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chamilo/chamilo-lms/commit/af6b7002af7c15825e98fc522e2ead0d00cacaa3"
        }
      ],
      "source": {
        "advisory": "GHSA-c4ww-qgf2-v89j",
        "discovery": "UNKNOWN"
      },
      "title": "Chamilo LMS has an XML External Entity (XXE) Injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33737",
    "datePublished": "2026-04-10T19:05:08.873Z",
    "dateReserved": "2026-03-23T17:34:57.561Z",
    "dateUpdated": "2026-04-13T16:02:10.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33913 (GCVE-0-2026-33913)

Vulnerability from cvelistv5 – Published: 2026-03-25 22:52 – Updated: 2026-03-26 18:08
VLAI
Title
OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files
Summary
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
openemr openemr Affected: < 8.0.0.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33913",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T18:08:22.949304Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T18:08:31.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openemr",
          "vendor": "openemr",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.0.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `\u003cxi:include href=\"file:///etc/passwd\" parse=\"text\"/\u003e` to read arbitrary files from the server. Version 8.0.0.3 patches the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T22:52:50.449Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/openemr/openemr/security/advisories/GHSA-9757-3cfj-wc8q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openemr/openemr/security/advisories/GHSA-9757-3cfj-wc8q"
        },
        {
          "name": "https://github.com/openemr/openemr/commit/67e1702c41cf486af0069bdafce19860e2cd9a11",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openemr/openemr/commit/67e1702c41cf486af0069bdafce19860e2cd9a11"
        },
        {
          "name": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3"
        }
      ],
      "source": {
        "advisory": "GHSA-9757-3cfj-wc8q",
        "discovery": "UNKNOWN"
      },
      "title": "OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33913",
    "datePublished": "2026-03-25T22:52:50.449Z",
    "dateReserved": "2026-03-24T15:41:47.492Z",
    "dateUpdated": "2026-03-26T18:08:31.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3404 (GCVE-0-2026-3404)

Vulnerability from cvelistv5 – Published: 2026-03-02 01:32 – Updated: 2026-03-02 15:17
VLAI
Title
thinkgem JeeSite Endpoint CasOutHandler.java xml external entity reference
Summary
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
Impacted products
Vendor Product Version
thinkgem JeeSite Affected: 5.15.0
Affected: 5.15.1
    cpe:2.3:a:jeesite:jeesite:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Saul1213 (VulDB User) VulDB
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3404",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-02T15:16:36.199792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-02T15:17:14.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:jeesite:jeesite:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Endpoint"
          ],
          "product": "JeeSite",
          "vendor": "thinkgem",
          "versions": [
            {
              "status": "affected",
              "version": "5.15.0"
            },
            {
              "status": "affected",
              "version": "5.15.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Saul1213 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.6,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-02T01:32:10.428Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-348299 | thinkgem JeeSite Endpoint CasOutHandler.java xml external entity reference",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.348299"
        },
        {
          "name": "VDB-348299 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.348299"
        },
        {
          "name": "Submit #763732 | Jeesite v5.15.1 XXE",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.763732"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-01T08:00:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "thinkgem JeeSite Endpoint CasOutHandler.java xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-3404",
    "datePublished": "2026-03-02T01:32:10.428Z",
    "dateReserved": "2026-03-01T06:55:17.609Z",
    "dateUpdated": "2026-03-02T15:17:14.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34401 (GCVE-0-2026-34401)

Vulnerability from cvelistv5 – Published: 2026-03-31 21:05 – Updated: 2026-04-01 15:53
VLAI
Title
XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
Summary
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related to malicious DTD files where an attacker to craft a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim's NTLM credentials. This issue has been patched in version 2.9.0.21.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
microsoft XmlNotepad Affected: < 2.9.0.21
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34401",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T15:45:24.184266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-01T15:53:18.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "XmlNotepad",
          "vendor": "microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.9.0.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related to malicious DTD files where an attacker to craft a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim\u0027s NTLM credentials. This issue has been patched in version 2.9.0.21."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T21:05:50.647Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch"
        },
        {
          "name": "https://github.com/microsoft/XmlNotepad/commit/3665603d61ba10b7827a3724e854748cb780140c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/microsoft/XmlNotepad/commit/3665603d61ba10b7827a3724e854748cb780140c"
        },
        {
          "name": "https://github.com/microsoft/XmlNotepad/commit/c03ab2311ac6960452eb1ab49098768f851dcc53",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/microsoft/XmlNotepad/commit/c03ab2311ac6960452eb1ab49098768f851dcc53"
        },
        {
          "name": "https://github.com/microsoft/XmlNotepad/releases/tag/2.9.0.21",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/microsoft/XmlNotepad/releases/tag/2.9.0.21"
        }
      ],
      "source": {
        "advisory": "GHSA-5j32-486h-42ch",
        "discovery": "UNKNOWN"
      },
      "title": "XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34401",
    "datePublished": "2026-03-31T21:05:50.647Z",
    "dateReserved": "2026-03-27T13:45:29.620Z",
    "dateUpdated": "2026-04-01T15:53:18.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3511 (GCVE-0-2026-3511)

Vulnerability from cvelistv5 – Published: 2026-03-19 11:25 – Updated: 2026-03-19 13:15
VLAI
Summary
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
Slovensko.Digital Autogram Affected: 0 , < 2.7.2 (custom)
Create a notification for this product.
Credits
Martin Orem from Binary House
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-19T13:14:58.232031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-19T13:15:06.878Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Autogram",
          "vendor": "Slovensko.Digital",
          "versions": [
            {
              "lessThan": "2.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Martin Orem from Binary House"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664 Server Side Request Forgery"
            }
          ]
        },
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T11:34:05.288Z",
        "orgId": "bc375322-d3d7-4481-b261-e29662236cfd",
        "shortName": "SK-CERT"
      },
      "references": [
        {
          "url": "https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2"
        },
        {
          "url": "https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-02T23:00:00.000Z",
          "value": "Vulnerability discovered"
        },
        {
          "lang": "en",
          "time": "2026-03-02T23:00:00.000Z",
          "value": "Vulnerability reported to developer"
        },
        {
          "lang": "en",
          "time": "2026-03-02T23:00:00.000Z",
          "value": "Developer patched the vulnerability"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bc375322-d3d7-4481-b261-e29662236cfd",
    "assignerShortName": "SK-CERT",
    "cveId": "CVE-2026-3511",
    "datePublished": "2026-03-19T11:25:44.800Z",
    "dateReserved": "2026-03-04T10:42:40.045Z",
    "dateUpdated": "2026-03-19T13:15:06.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3603 (GCVE-0-2026-3603)

Vulnerability from cvelistv5 – Published: 2026-05-26 18:17 – Updated: 2026-05-27 12:35
VLAI
Title
IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack
Summary
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7274078 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Management Affected: 7.0.3 Interim Fix 001 , ≤ Interim Fix 021 (semver)
Affected: 7.1.0 Interim Fix 001 , ≤ Interim Fix 009 (semver)
Affected: 7.2.0 and 7.2.0 Interim Fix 001
    cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T19:00:21.406124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T19:00:29.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:*:*:*:*:*:*:*"
          ],
          "product": "Engineering Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "Interim Fix 021",
              "status": "affected",
              "version": "7.0.3 Interim Fix 001",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "Interim Fix 009",
              "status": "affected",
              "version": "7.1.0 Interim Fix 001",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.2.0 and 7.2.0 Interim Fix 001"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through\u0026nbsp; Interim Fix 021, 7.1.0\u0026nbsp; Interim Fix 001 through\u0026nbsp; Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\u003c/p\u003e"
            }
          ],
          "value": "IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through\u00a0 Interim Fix 021, 7.1.0\u00a0 Interim Fix 001 through\u00a0 Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T12:35:49.489Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7274078"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.2\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix022\u0026amp;includeRequisites=0\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\" rel=\"nofollow\"\u003eiFix022\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix010\u0026amp;includeRequisites=0\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\u0026amp;login=true\" rel=\"nofollow\"\u003eiFix010\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.2.0\u003c/td\u003e\u003ctd\u003eDownload and install\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.2\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.2-IBM-ELM-iFix002\u0026amp;includeRequisites=0\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\u0026amp;login=true\" rel=\"nofollow\"\u003eiFix002\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nAffected Product(s)Version(s)Remediation/Fix/Instructions\n\nIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install\u00a0 iFix022 https://www.ibm.com/support/fixcentral/swg/downloadFixes \n\nIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install\u00a0 iFix010 https://www.ibm.com/support/fixcentral/swg/downloadFixes \n\nIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.2.0Download and install\u00a0 iFix002 https://www.ibm.com/support/fixcentral/swg/downloadFixes"
        }
      ],
      "title": "IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-3603",
    "datePublished": "2026-05-26T18:17:03.408Z",
    "dateReserved": "2026-03-05T15:14:14.178Z",
    "dateUpdated": "2026-05-27T12:35:49.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phases: Implementation, System Configuration

Description:

  • Many XML parsers and validators can be configured to disable external entity expansion.
CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Back to CWE stats page