PT-2026-36313 · Apache · Apache Neethi
Colm O Heigeartaigh · Published 2026-05-01 · Updated 2026-05-02 · CVE-2026-42404
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Neethi versions prior to 3.2.2
Description
The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests using arbitrary protocols and internal IP addresses.
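A caller-side check of the two restrictions the description says are missing (protocol and internal addresses), as an added example that is not Apache Neethi code. The class `PolicyReferenceUriGuard`, its methods and the allowlisted host are hypothetical, and the inputs in `main` are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

// Hypothetical guard an application runs before fetching a policy reference URI.
public final class PolicyReferenceUriGuard {
    // Constructed allowlist: hosts this application expects to serve policies.
    private static final Set<String> ALLOWED_HOSTS = Set.of("policies.example.com");

    /** Returns the parsed URI if it may be fetched, otherwise throws SecurityException. */
    public static URI check(String reference) throws UnknownHostException {
        URI uri = URI.create(reference).normalize();
        // Only https: rejects file:, jar:, ftp: and plain http, and scheme-less references.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new SecurityException("scheme not allowed: " + uri.getScheme());
        }
        String host = uri.getHost();
        boolean known = host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        if (!known || uri.getUserInfo() != null) {
            throw new SecurityException("host not allowed: " + host);
        }
        // Even an allowlisted name must not resolve to an internal address.
        for (InetAddress a : InetAddress.getAllByName(host)) {
            if (isInternal(a)) {
                throw new SecurityException("internal address: " + a.getHostAddress());
            }
        }
        return uri;
    }

    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc; // fc00::/7
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs; all three are rejected before any DNS lookup happens.
        for (String ref : new String[] {"file:///etc/hosts", "https://127.0.0.1/policy.xml",
                "http://policies.example.com/p.xml"}) {
            try {
                System.out.println("allowed  " + check(ref));
            } catch (SecurityException e) {
                System.out.println("rejected " + ref + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The lookup in `check` and the later connection can resolve differently, so the fetch should connect to the address that was validated, and any redirect target needs the same check.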
Recommendations
Upgrade to version 3.2.2.
Fix
SSRF
Affected Products
Apache Neethi