CVE-2026-3511

Name of the Vulnerable Software and Affected Versions Slovensko.Digital Autogram (affected versions not specified)

Description The application contains an Improper Restriction of XML External Entity Reference issue in the XMLUtils.java component. This allows a remote, unauthenticated attacker to perform Server Side Request Forgery (SSRF) attacks and gain unauthorized access to local files on the filesystem where the vulnerable application is running. Exploitation requires the victim to visit a specially crafted website that sends a request containing a specially crafted XML document to the /sign API endpoint of the local HTTP server run by the application. SSRF is a web security issue that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.