CVE-2026-39053

Name of the Vulnerable Software and Affected Versions Oinone Pamirs version 7.0.0

Description An XML External Entity (XXE) issue exists in the XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as the functions PamirsXmlUtils.fromXML() or ViewXmlUtils.fromXML(), unsafe XML processing can lead to Server-Side Request Forgery (SSRF)—where the server is coerced into making unintended requests—or unauthorized file disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.