PT-2026-36310 · Apache · Apache Neethi

Colm O Heigeartaigh

·

Published

2026-05-01

·

Updated

2026-05-02

·

CVE-2026-42403

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Apache Neethi versions prior to 3.2.2

Description

Apache Neethi fails to properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (for example, Policy A references Policy B, which in turn references Policy A), the policy normalization process may enter an infinite loop or recurse without bound. This can result in a stack overflow or an application hang, so an attacker who can supply a crafted policy document can cause a Denial of Service condition.

Recommendations

Upgrade to version 3.2.2.
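The failure mode in the description, modelled as an added example. This is not Apache Neethi code (Neethi is a Java library) and it uses none of its API; it is a self-contained Python model of the normalization step that resolves wsp:PolicyReference elements. It assumes WS-Policy 1.5 element names (wsp:Policy, wsp:All, wsp:ExactlyOne, wsp:PolicyReference) and wsu:Id attributes, and the two sample documents are constructed for this example: one with the A -> B -> A cycle the advisory describes, and one diamond-shaped document with shared but non-circular references. The naive resolver follows references with no memory of the expansion path and exhausts the interpreter stack on the cycle; the hardened resolver tracks the policies currently being expanded and rejects a reference back into that set while still accepting the diamond.

```python
"""
Circular WS-Policy reference resolution: the failure the advisory describes,
beside a resolver that detects the cycle.

Added example, not Apache Neethi code. Element names follow WS-Policy 1.5;
the sample documents are constructed for this example.
"""
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

POLICY, ALL, EXACTLY_ONE, REF = (f"{{{WSP}}}{n}" for n in
                                 ("Policy", "All", "ExactlyOne", "PolicyReference"))
OPERATORS = {POLICY, ALL, EXACTLY_ONE}   # structural elements, not assertions
ID_ATTR = f"{{{WSU}}}Id"

HEAD = f'<root xmlns:wsp="{WSP}" xmlns:wsu="{WSU}" xmlns:sp="{SP}">'

# Constructed: A -> B -> A, the cycle named in the advisory.
CYCLIC_DOC = HEAD + """
  <wsp:Policy wsu:Id="A"><wsp:All><wsp:PolicyReference URI="#B"/></wsp:All></wsp:Policy>
  <wsp:Policy wsu:Id="B"><wsp:All><wsp:PolicyReference URI="#A"/></wsp:All></wsp:Policy>
</root>"""

# Constructed: a diamond (A -> B, A -> C, B -> D, C -> D). D is reached twice
# but nothing refers back up the path, so normalization must succeed.
DIAMOND_DOC = HEAD + """
  <wsp:Policy wsu:Id="A"><wsp:All>
    <wsp:PolicyReference URI="#B"/><wsp:PolicyReference URI="#C"/>
  </wsp:All></wsp:Policy>
  <wsp:Policy wsu:Id="B"><wsp:All><wsp:PolicyReference URI="#D"/></wsp:All></wsp:Policy>
  <wsp:Policy wsu:Id="C"><wsp:All><wsp:PolicyReference URI="#D"/></wsp:All></wsp:Policy>
  <wsp:Policy wsu:Id="D"><wsp:All><sp:TransportBinding/></wsp:All></wsp:Policy>
</root>"""


class CircularPolicyReference(Exception):
    """Raised when a PolicyReference leads back to a policy still being expanded."""


def index_policies(doc: str) -> dict:
    """Map wsu:Id -> wsp:Policy element for every identified policy in the document."""
    root = ET.fromstring(doc)
    return {p.get(ID_ATTR): p for p in root.iter(POLICY) if p.get(ID_ATTR)}


def _local_target(ref: ET.Element) -> str:
    """Resolve a same-document reference ('#id'); external URIs are out of scope here."""
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError(f"only same-document references are modelled: {uri!r}")
    return uri[1:]


def normalize_naive(policies, policy_id):
    """Vulnerable form: follows every PolicyReference with no memory of the
    expansion path, so A -> B -> A recurses until the stack is exhausted."""
    assertions = []
    for el in policies[policy_id].iter():
        if el.tag == REF:
            assertions.extend(normalize_naive(policies, _local_target(el)))
        elif el.tag not in OPERATORS:
            assertions.append(el.tag)
    return assertions


def normalize_safe(policies, policy_id, in_progress=None):
    """Hardened form: track the policies on the active expansion path and reject
    a reference back into that set. Only the active path is tracked, not every
    policy ever visited, so diamond-shaped reuse still normalizes."""
    in_progress = set() if in_progress is None else in_progress
    if policy_id in in_progress:
        raise CircularPolicyReference(
            f"policy {policy_id!r} is referenced from its own expansion path "
            f"{sorted(in_progress)}")
    if policy_id not in policies:
        raise KeyError(f"unresolved PolicyReference to {policy_id!r}")
    in_progress.add(policy_id)
    try:
        assertions = []
        for el in policies[policy_id].iter():
            if el.tag == REF:
                assertions.extend(
                    normalize_safe(policies, _local_target(el), in_progress))
            elif el.tag not in OPERATORS:
                assertions.append(el.tag)
        return assertions
    finally:
        in_progress.discard(policy_id)   # leaving the path re-enables the id


def outcome(fn, doc, policy_id="A"):
    """Run a resolver and report how it ends: the assertion list, or the exception name."""
    try:
        return fn(index_policies(doc), policy_id)
    except (RecursionError, CircularPolicyReference) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print("naive on cycle:  ", outcome(normalize_naive, CYCLIC_DOC))
    print("safe on cycle:   ", outcome(normalize_safe, CYCLIC_DOC))
    print("safe on diamond: ", outcome(normalize_safe, DIAMOND_DOC))
```

The distinction between an "in progress" set and a plain "visited" set is the part worth keeping in mind when reviewing a fix of this kind: a visited set that is never cleared would reject the diamond document, which is valid, while tracking only the active path rejects exactly the circular case. In a real deployment a depth or size limit on normalization is a sensible second line of defence, since a deeply nested but acyclic reference chain still consumes stack.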

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-42403
GHSA-2HFH-9H53-QC24

Affected Products

Apache Neethi