PT-2026-36309 · Apache · Apache Neethi

Colm O Heigeartaigh · Published 2026-05-01 · Updated 2026-05-02 · CVE-2026-42402

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2

Description: Policy normalization in Apache Neethi has algorithmic complexity that allows a Denial of Service attack. A specially crafted WS-Policy document can trigger an exponential Cartesian cross-product expansion during normalization: the process generates policy alternatives without any limit, and the resulting unbounded memory allocation exhausts the JVM heap.

Recommendations: Upgrade to version 3.2.2.
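To show the growth the description refers to, here is an added example that is not Apache Neethi's code and does not claim to reproduce how the 3.2.2 fix works. It models WS-Policy normal form (an ExactlyOne of All's): a wsp:All expands to the Cartesian product of its children's alternatives, a wsp:ExactlyOne to their union, so an All of k binary choices yields 2**k alternatives. It also shows the defensive pattern of counting alternatives in linear time before materializing them and refusing oversized policies. The node classes, the `max_alternatives` limit and the `build_choice_chain` helper are assumptions of this example.

```python
"""Toy model of WS-Policy normalization (added example; not Apache Neethi code).

WS-Policy normal form is an ExactlyOne of All's: a wsp:All expands to the
Cartesian product of its children's alternatives, a wsp:ExactlyOne to their
union. Nesting choices under an All therefore multiplies alternatives, which
is the growth the advisory describes. The limit and helper names below are
assumptions of this example, not Neethi's API.
"""
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, List, Tuple, Union


@dataclass(frozen=True)
class Assertion:
    name: str


@dataclass(frozen=True)
class All:
    children: Tuple["Node", ...]


@dataclass(frozen=True)
class ExactlyOne:
    children: Tuple["Node", ...]


Node = Union[Assertion, All, ExactlyOne]
Alternative = FrozenSet[str]  # one normalized alternative = a set of assertion names


class PolicyTooLarge(ValueError):
    """Raised when a policy would normalize to more alternatives than allowed."""


def count_alternatives(node: Node) -> int:
    """Size of the normal form, computed in time linear in the tree size.

    Counting never materializes alternatives, so it is safe on any input.
    """
    if isinstance(node, Assertion):
        return 1
    if isinstance(node, All):
        total = 1
        for child in node.children:
            total *= count_alternatives(child)  # cross product multiplies
        return total
    return sum(count_alternatives(child) for child in node.children)  # ExactlyOne


def exceeds_limit(node: Node, max_alternatives: int) -> bool:
    """Pre-flight check a consumer can apply before normalizing (assumed limit)."""
    return count_alternatives(node) > max_alternatives


def normalize(node: Node, max_alternatives: int = 10_000) -> List[Alternative]:
    """Bounded normalization: refuse oversized policies before allocating anything."""
    if exceeds_limit(node, max_alternatives):
        raise PolicyTooLarge(
            f"policy expands to {count_alternatives(node)} alternatives, "
            f"limit is {max_alternatives}"
        )
    return _expand(node)


def _expand(node: Node) -> List[Alternative]:
    """Unbounded expansion: the step that exhausts memory when no limit is applied."""
    if isinstance(node, Assertion):
        return [frozenset({node.name})]
    if isinstance(node, All):
        child_alts = [_expand(child) for child in node.children]
        # Each combination picks one alternative from every child and merges them.
        return [frozenset().union(*combo) for combo in product(*child_alts)]
    return [alt for child in node.children for alt in _expand(child)]


def build_choice_chain(k: int) -> All:
    """Constructed input: an All of k binary choices, normalizing to 2**k alternatives."""
    return All(tuple(
        ExactlyOne((Assertion(f"A{i}"), Assertion(f"B{i}"))) for i in range(k)
    ))


if __name__ == "__main__":
    small = build_choice_chain(3)
    print(count_alternatives(small), "alternatives:", sorted(sorted(a) for a in normalize(small)))
    big = build_choice_chain(40)
    print("k=40 would produce", count_alternatives(big), "alternatives")
    try:
        normalize(big, max_alternatives=10_000)
    except PolicyTooLarge as exc:
        print("rejected:", exc)
```

The point of splitting `count_alternatives` from `_expand` is that the size of the normal form can be computed from the tree alone, so a consumer can reject a policy whose expansion would be unreasonable before a single alternative is allocated; the actual ceiling a deployment chooses is a policy decision, not a value taken from the advisory.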

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-42402
GHSA-G36M-9G3M-2VMP

Affected Products

Apache Neethi