-
CVE-2026-44618
- EPSS 0.34%
- Veröffentlicht 22.05.2026 12:17:14
- Zuletzt bearbeitet 22.05.2026 12:17:14
- Quelle f0158376-9dc2-43b6-827c-5f631a
- CVE-Watchlists
- Unerledigt
Apache CXF: XXE vulnerability in WS-Transfer functionality
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerApache Software Foundation
≫
Produkt
Apache CXF
Default Statusunaffected
Version
4.2.0
Version <
4.2.1
Status
affected
Version
4.0.0
Version <
4.1.6
Status
affected
Version
0
Version <
3.6.11
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.255 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|
https://lists.apache.org/thread/c7vb015f8ljmjl44030mn0yfq71f7sd7