PT-2026-42754 · Apache · Apache Cxf
Published
2026-05-22
·
Updated
2026-05-26
·
CVE-2026-44618
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache CXF versions prior to 4.2.1
Apache CXF versions prior to 4.1.6
Apache CXF versions prior to 3.6.11
Description
Insecure XML parser configuration in the WS-Transfer module may allow attackers to perform XML External Entity (XXE) attacks. XXE is a type of attack where an application processes XML input containing a reference to an external entity, potentially leading to unauthorized access to files or internal systems.
Recommendations
Upgrade to version 4.2.1.
Upgrade to version 4.1.6.
Upgrade to version 3.6.11.
Exploit
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Cxf