{"id":76247,"date":"2026-02-03T19:46:13","date_gmt":"2026-02-03T16:16:13","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-23795-apache-syncope-console-xxe-on-keymaster-parameters\/"},"modified":"2026-02-03T19:46:13","modified_gmt":"2026-02-03T16:16:13","slug":"cve-2026-23795-apache-syncope-console-xxe-on-keymaster-parameters","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-23795-apache-syncope-console-xxe-on-keymaster-parameters\/","title":{"rendered":"CVE-2026-23795 &#8211; Apache Syncope: Console XXE on Keymaster parameters"},"content":{"rendered":"<p>CVE ID : CVE-2026-23795<\/p>\n<p>Published :  Feb. 3, 2026, 4:16 p.m. | 1\u00a0hour, 2\u00a0minutes ago<\/p>\n<p>Description : Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console.<br \/>\nAn administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs.<\/p>\n<p>This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3.<\/p>\n<p>Users are recommended to upgrade to version 3.0.16 \/ 4.0.4, which fix this issue.<\/p>\n<p>Severity: 4.9 | MEDIUM<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-23795 Published : Feb. 3, 2026, 4:16 p.m. | 1\u00a0hour, 2\u00a0minutes ago Description : Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-76247","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=76247"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76247\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=76247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=76247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=76247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}