PT-2026-42754 · Apache · Apache Cxf
Published
2026-05-22
·
Updated
2026-05-22
·
CVE-2026-44618
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Cxf