High severity7.7NVD Advisory· Published May 27, 2026· Updated May 27, 2026
CVE-2026-2253
CVE-2026-2253
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
Affected products
1- Range: < 10.2.0.7 || < 11.0.0.0
Patches
Vulnerability mechanics
References
1News mentions
1- Hitachi Discloses Six CVEs Across Pentaho, RTU500, Ops Center, and HiDraw ProductsVypr Intelligence · May 27, 2026