PT-2026-48844 · Apache · Apache CXF
Published: 2026-06-12 · Updated: 2026-06-12 · CVE-2026-49875
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
XXE
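The difference between a default and a hardened SAXParserFactory, as an added example that is not Apache CXF's code or its actual fix. The class name, the constructed sample document and the choice of features (the standard JAXP and JDK/Xerces feature URIs) are assumptions; the handler answers every resolution request with an empty entity, so the check runs offline.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class SaxHardeningCheck {
    // Constructed sample input; collector.invalid is a reserved, non-resolvable name.
    static final String SAMPLE =
        "<!DOCTYPE r [<!ENTITY ext SYSTEM \"http://collector.invalid/x\">]><r>&ext;</r>";

    // Factory with the JAXP settings that refuse DTDs and external entities.
    static SAXParserFactory hardened() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f;
    }

    // Parses SAMPLE and returns the system IDs the parser asked the handler to resolve.
    static List<String> resolutionAttempts(SAXParserFactory f) throws Exception {
        List<String> seen = new ArrayList<>();
        DefaultHandler h = new DefaultHandler() {
            @Override
            public InputSource resolveEntity(String publicId, String systemId) {
                seen.add(systemId);                            // record the request
                return new InputSource(new StringReader(""));  // empty entity, no network
            }
        };
        try {
            f.newSAXParser().parse(new InputSource(new StringReader(SAMPLE)), h);
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        return seen;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default:  " + resolutionAttempts(SAXParserFactory.newInstance()));
        System.out.println("hardened: " + resolutionAttempts(hardened()));
    }
}
```

A non-empty list for a factory means the parser was willing to fetch an external entity, which makes the check usable as a regression test for any code path that builds its own SAXParserFactory.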
Affected Products
Apache CXF