CVE-2026-44618
EUVD-2026-3143422.05.2026, 13:16
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | cxf | 𝑥 < 3.6.11 |
| apache | cxf | 4.0.0 ≤ 𝑥 < 4.1.6 |
| apache | cxf | 4.2.0 |
𝑥
= Vulnerable software versions