VYPR
Medium severity5.3NVD Advisory· Published May 22, 2026· Updated May 22, 2026

CVE-2026-44618

CVE-2026-44618

Description

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Apache/Cxf3 versions
    cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*range: <3.6.11
    • cpe:2.3:a:apache:cxf:4.2.0:*:*:*:*:*:*:*
    • (no CPE)range: <4.2.1, <4.1.6, <3.6.11

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.