PT-2026-41862 · Unknown · Ps Facetedsearch

Christian Bülter +1 · Published 2026-05-19 · Updated 2026-05-19 · CVE-2026-46722

CVSS v4.0: 5.9 Medium

Vector: AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Faceted Search (ke search) (affected versions not specified)

Description: The file indexer's OOXML parsing does not disable external entity resolution. An attacker can place a specially crafted xlsx or pptx document in an indexed directory to trigger XML External Entity (XXE) injection, in which the application processes external entities declared within an XML document. This can result in local files being read or outbound HTTP requests being made, with the retrieved data written to the search index.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
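
Until a fixed version is known, a pre-indexing check can flag xlsx and pptx files whose XML parts declare a DTD or entity, which is the precondition for the XXE described above. This is an added example, not code from the extension or from this advisory; the function names, the read cap and the sample packages are constructed, and it assumes Office-generated parts carry no DOCTYPE.

```python
import io
import os
import zipfile

MAX_PART_BYTES = 8 * 1024 * 1024          # assumption: per-part read cap
XML_SUFFIXES = (".xml", ".rels", ".vml")  # parts an OOXML reader parses as XML
MARKERS = (b"<!DOCTYPE", b"<!ENTITY")     # a DTD is the precondition for XXE


def suspicious_parts(package):
    """Return names of XML parts in one xlsx/pptx that declare a DTD or entity."""
    hits = []
    with zipfile.ZipFile(package) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            with zf.open(info) as part:
                # Dropping NUL bytes makes UTF-16 parts searchable as ASCII.
                raw = part.read(MAX_PART_BYTES).replace(b"\x00", b"")
            if any(marker in raw for marker in MARKERS):
                hits.append(info.filename)
    return hits


def scan_tree(root):
    """Map each xlsx/pptx under root to its suspicious parts (clean files omitted)."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".xlsx", ".pptx")):
                path = os.path.join(folder, name)
                try:
                    hits = suspicious_parts(path)
                except zipfile.BadZipFile:
                    hits = ["<unreadable package>"]
                if hits:
                    report[path] = hits
    return report


def build_sample(name, data):  # constructed, in-memory package with one part
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf


CLEAN = build_sample("xl/workbook.xml", b"<workbook/>")  # constructed samples
DTD = '<!DOCTYPE sst [<!ENTITY e SYSTEM "http://example.invalid/">]>'
CRAFTED = build_sample("xl/sharedStrings.xml", (DTD + "<sst>&e;</sst>").encode("utf-16"))
```

Files reported by `scan_tree` can be moved out of the indexed directory for review before the indexer next runs.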

XXE

Weakness Enumeration

Related Identifiers: CVE-2026-46722

Affected Products: Ps Facetedsearch