PT-2026-6875 · O2Oa · O2Oa
Sourbyte
·
Published
2026-02-07
·
Updated
2026-02-07
·
CVE-2026-2074
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
O2OA versions prior to 9.0.0
Description
A flaw exists in O2OA up to version 9.0.0 related to XML external entity reference. The issue is located within the HTTP POST Request Handler component, specifically in the file
/x program center/jaxrs/mpweixin/check. The manipulation allows for remote initiation of the attack. The exploit is publicly available.Recommendations
Update O2OA to version 9.0.0 or later.
Exploit
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
O2Oa