Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.5
XML Input Allows Access to Sensitive Data and Files
CVE-2024-8010
Summary
A software component accepts XML input without properly checking it, which allows hackers to access sensitive files and data. This could lead to unauthorized access to confidential information. Consider updating the component to disable external entity resolution in XML input.
Original title
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external...
Original description
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references.
By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.
By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.
nvd CVSS3.1
3.5
Vulnerability type
CWE-611
XML External Entity (XXE)
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 16 Apr 2026