CVE-2026-2074

Name of the Vulnerable Software and Affected Versions O2OA versions prior to 9.0.0

Description A flaw exists in O2OA up to version 9.0.0 related to XML external entity reference. The issue is located within the HTTP POST Request Handler component, specifically in the file /x program center/jaxrs/mpweixin/check. The manipulation allows for remote initiation of the attack. The exploit is publicly available.

Recommendations Update O2OA to version 9.0.0 or later.