CVE-2026-44618 – Apache CXF: XXE vulnerability in WS-Transfer functionality

CVE ID :CVE-2026-44618

Published : May 22, 2026, 12:17 p.m. | 43 minutes ago

Description :Insecure XML parser configuration in Apache CXF’s WS-Transfer module may allow attackers to perform XXE attacks.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-44417 – Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

CVE-2026-44930 – Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

CVE-2026-4635 – Persistent notification timing attack causing server denial of service

CVE-2026-3473 – Improper file ownership validation in the Boards API allows unauthorised file access