CVE-2026-36765

Name of the Vulnerable Software and Affected Versions SpringBlade version 4.8.0

Description An XML external entity (XXE) flaw in the "/designer/loadReport" endpoint allows authenticated attackers to execute arbitrary code by injecting a crafted payload. XXE is a type of attack where an application processes XML input containing a reference to an external entity, which can lead to unauthorized data access or remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the "/designer/loadReport" endpoint to minimize the risk of exploitation.