VYPR

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Abstraction: Base · Status: Draft · Likelihood of exploit: Medium

Description

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-197

CVEs mapped to this weakness (58)

page 1 of 3
  • CVE-2019-19144 · Critical · Aug 1, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.

  • CVE-2026-31248 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks through 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested…

  • CVE-2011-3288 · High · Oct 6, 2011
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity…

  • CVE-2011-1755 · High · Jun 21, 2011
    risk 0.49 · cvss 7.5 · epss 0.04

    jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…

  • CVE-2009-1955 · High · Jun 8, 2009
    risk 0.49 · cvss 7.5 · epss 0.53

    The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document…

  • CVE-2026-45771 · High · Jun 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations…

  • CVE-2026-49235 · High · Jun 8, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.

  • CVE-2008-3281 · Medium · Aug 27, 2008
    risk 0.42 · cvss 6.5 · epss 0.03

    libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

  • CVE-2003-1564 · Medium · Dec 31, 2003
    risk 0.42 · cvss 6.5 · epss 0.02

    libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka…

  • CVE-2026-42212 · High · May 8, 2026
    risk 0.39 · cvss n/a · epss 0.00

    SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the…

  • CVE-2026-44020 · High · Jun 3, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Impact: The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: read arbitrary files from the…

  • CVE-2025-0617 · Medium · Jan 29, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    An attacker with access to HX 10.0.0 and previous versions may send specially crafted data to the HX console. The malicious detection would then trigger parsing of a file containing exponential entity expansions in the consumer process, thus causing a Denial of Service.

  • CVE-2024-27142 · Medium · Jun 14, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, an XML parsing library is used, and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the…

  • CVE-2024-27141 · Medium · Jun 14, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, an XML parsing library is used, and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending an HTTP request…

  • CVE-2017-5644 · Medium · Mar 24, 2017
    risk 0.36 · cvss 5.5 · epss 0.05

    Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

  • CVE-2026-23822 · Medium · May 12, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to…

  • CVE-2026-40260 · Medium · Apr 17, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP…

  • CVE-2019-12401 · Sep 10, 2019
    risk 0.03 · cvss n/a · epss 0.08

    Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the…

  • CVE-2019-11253 · Oct 17, 2019
    risk 0.02 · cvss n/a · epss 0.26

    Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially…

  • CVE-2015-1819 · Aug 14, 2015
    risk 0.01 · cvss n/a · epss 0.06

    The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.