XML Entity Expansion Vulnerability in XMLBeans up to v2.6.0

XML Entity Expansion Vulnerability in XMLBeans up to v2.6.0

CVE-2021-23926 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

Learn more about our User Device Pen Test.