Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by handnot2
CVE-2026-28809 (GCVE-0-2026-28809)
Vulnerability from nvd – Published: 2026-03-23 10:09 – Updated: 2026-05-27 15:41
VLAI
Title
XXE in esaml SAML library allows local file read and potential SSRF
Summary
XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.
esaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.
This issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cna.erlef.org/cves/CVE-2026-28809.html | third-party-advisoryrelated |
| https://osv.dev/vulnerability/EEF-CVE-2026-28809 | related |
| https://github.com/Jump-App/esaml/commit/bab85efd… | patch |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| dropbox | esaml |
cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:* cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:* cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:* |
|
| arekinath | esaml |
cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:* |
|
| handnot2 | esaml |
cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:* |
|
| dropbox | esaml |
cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:* |
|
| Jump-App | esaml |
Affected:
0 , < bab85efde7c136911402a881ca55173759467a26
(git)
Unaffected: bab85efde7c136911402a881ca55173759467a26 (git) cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T15:07:17.488260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:52:46.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*",
"cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*",
"cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "esaml",
"packageURL": "pkg:hex/esaml",
"product": "esaml",
"vendor": "dropbox"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "arekinath/esaml",
"packageURL": "pkg:github/arekinath/esaml",
"product": "esaml",
"repo": "https://github.com/arekinath/esaml.git",
"vendor": "arekinath"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "handnot2/esaml",
"packageURL": "pkg:github/handnot2/esaml",
"product": "esaml",
"repo": "https://github.com/handnot2/esaml.git",
"vendor": "handnot2"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "dropbox/esaml",
"packageURL": "pkg:github/dropbox/esaml",
"product": "esaml",
"repo": "https://github.com/dropbox/esaml.git",
"vendor": "dropbox"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "Jump-App/esaml",
"packageURL": "pkg:github/Jump-App/esaml",
"product": "esaml",
"repo": "https://github.com/Jump-App/esaml.git",
"vendor": "Jump-App",
"versions": [
{
"lessThan": "bab85efde7c136911402a881ca55173759467a26",
"status": "affected",
"version": "0",
"versionType": "git"
},
{
"status": "unaffected",
"version": "bab85efde7c136911402a881ca55173759467a26",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must use esaml to process SAML messages and run on Erlang/OTP versions before 27. Starting with OTP 27, \u003ctt\u003exmerl_scan\u003c/tt\u003e disables entity expansion by default, which mitigates this vulnerability."
}
],
"value": "The application must use esaml to process SAML messages and run on Erlang/OTP versions before 27. Starting with OTP 27, xmerl_scan disables entity expansion by default, which mitigates this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bab85efde7c136911402a881ca55173759467a26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Lynch"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen / EEF"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\u003cp\u003eesaml parses attacker-controlled SAML messages using \u003ctt\u003exmerl_scan:string/2\u003c/tt\u003e before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\u003c/p\u003e\u003cp\u003eThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.\u003c/p\u003e"
}
],
"value": "XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\n\nesaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\n\nThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 Serialized Data External Linking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:41:20.808Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"third-party-advisory",
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-28809.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-28809"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Jump-App/esaml/commit/bab85efde7c136911402a881ca55173759467a26"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XXE in esaml SAML library allows local file read and potential SSRF",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Erlang/OTP 27 or later. Starting with OTP 27, \u003ctt\u003exmerl_scan\u003c/tt\u003e disables entity expansion by default, which mitigates this vulnerability without changes to esaml."
}
],
"value": "Upgrade to Erlang/OTP 27 or later. Starting with OTP 27, xmerl_scan disables entity expansion by default, which mitigates this vulnerability without changes to esaml."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-28809",
"datePublished": "2026-03-23T10:09:29.233Z",
"dateReserved": "2026-03-03T14:40:00.590Z",
"dateUpdated": "2026-05-27T15:41:20.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28809 (GCVE-0-2026-28809)
Vulnerability from cvelistv5 – Published: 2026-03-23 10:09 – Updated: 2026-05-27 15:41
VLAI
Title
XXE in esaml SAML library allows local file read and potential SSRF
Summary
XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.
esaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.
This issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cna.erlef.org/cves/CVE-2026-28809.html | third-party-advisoryrelated |
| https://osv.dev/vulnerability/EEF-CVE-2026-28809 | related |
| https://github.com/Jump-App/esaml/commit/bab85efd… | patch |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| dropbox | esaml |
cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:* cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:* cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:* |
|
| arekinath | esaml |
cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:* |
|
| handnot2 | esaml |
cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:* |
|
| dropbox | esaml |
cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:* |
|
| Jump-App | esaml |
Affected:
0 , < bab85efde7c136911402a881ca55173759467a26
(git)
Unaffected: bab85efde7c136911402a881ca55173759467a26 (git) cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T15:07:17.488260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:52:46.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*",
"cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*",
"cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "esaml",
"packageURL": "pkg:hex/esaml",
"product": "esaml",
"vendor": "dropbox"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "arekinath/esaml",
"packageURL": "pkg:github/arekinath/esaml",
"product": "esaml",
"repo": "https://github.com/arekinath/esaml.git",
"vendor": "arekinath"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "handnot2/esaml",
"packageURL": "pkg:github/handnot2/esaml",
"product": "esaml",
"repo": "https://github.com/handnot2/esaml.git",
"vendor": "handnot2"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "dropbox/esaml",
"packageURL": "pkg:github/dropbox/esaml",
"product": "esaml",
"repo": "https://github.com/dropbox/esaml.git",
"vendor": "dropbox"
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"packageName": "Jump-App/esaml",
"packageURL": "pkg:github/Jump-App/esaml",
"product": "esaml",
"repo": "https://github.com/Jump-App/esaml.git",
"vendor": "Jump-App",
"versions": [
{
"lessThan": "bab85efde7c136911402a881ca55173759467a26",
"status": "affected",
"version": "0",
"versionType": "git"
},
{
"status": "unaffected",
"version": "bab85efde7c136911402a881ca55173759467a26",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application must use esaml to process SAML messages and run on Erlang/OTP versions before 27. Starting with OTP 27, \u003ctt\u003exmerl_scan\u003c/tt\u003e disables entity expansion by default, which mitigates this vulnerability."
}
],
"value": "The application must use esaml to process SAML messages and run on Erlang/OTP versions before 27. Starting with OTP 27, xmerl_scan disables entity expansion by default, which mitigates this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dropbox:esaml:*:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arekinath:esaml:*:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handnot2:esaml:*:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jump-app:esaml:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bab85efde7c136911402a881ca55173759467a26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Lynch"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen / EEF"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\u003cp\u003eesaml parses attacker-controlled SAML messages using \u003ctt\u003exmerl_scan:string/2\u003c/tt\u003e before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\u003c/p\u003e\u003cp\u003eThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.\u003c/p\u003e"
}
],
"value": "XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\n\nesaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\n\nThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 Serialized Data External Linking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:41:20.808Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"third-party-advisory",
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-28809.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-28809"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Jump-App/esaml/commit/bab85efde7c136911402a881ca55173759467a26"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XXE in esaml SAML library allows local file read and potential SSRF",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Erlang/OTP 27 or later. Starting with OTP 27, \u003ctt\u003exmerl_scan\u003c/tt\u003e disables entity expansion by default, which mitigates this vulnerability without changes to esaml."
}
],
"value": "Upgrade to Erlang/OTP 27 or later. Starting with OTP 27, xmerl_scan disables entity expansion by default, which mitigates this vulnerability without changes to esaml."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-28809",
"datePublished": "2026-03-23T10:09:29.233Z",
"dateReserved": "2026-03-03T14:40:00.590Z",
"dateUpdated": "2026-05-27T15:41:20.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}