VYPR
Medium severity6.5NVD Advisory· Published Apr 22, 2021· Updated Jun 17, 2026

CVE-2021-27736

CVE-2021-27736

Description

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.