Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2026-49875 CRITICAL

Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils

CVE-2026-40998 HIGH

Spring Web Services - Jaxp13 XPath XXE via StreamSource and SAXSource

CVE-2026-40991 MEDIUM

XML External Entity (XXE) injection when documenting untrusted XML content

CVE-2026-47960 HIGH

ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

CVE-2026-8045 HIGH

Schneider Electric EcoStruxure™ IT Data Center Expert - Improper Restriction of XML External Entity Reference

CVE-2026-49383 LOW

Jetbrains IntelliJ Idea < 2026.1 - Improper Restriction of XML External Entity Reference

CVE-2026-2253 HIGH

Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference

CVE-2026-3603 HIGH

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

CVE-2026-44618 MEDIUM

Apache CXF: XXE vulnerability in WS-Transfer functionality

CVE-2026-46722 MEDIUM

XML External Entity Injection in extension "Faceted Search" (ke_search)

CVE-2026-39053 MEDIUM

Oinone Pamirs 7.0.0 - XML External Entity Injection

CVE-2026-44445 MEDIUM

ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

CVE-2026-41895 HIGH

changedetection.io: XXE vulnerability in the changedetection.io project

CVE-2026-42212 HIGH

SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

CVE-2026-41936 HIGH

Vvveb < 1.0.8.2 XML External Entity Injection via Import

CVE-2026-38429 CRITICAL

OpenCMS v20 - XML External Entity Injection

CVE-2026-40682 CRITICAL

Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

CVE-2026-6501 MEDIUM

ILM Informatique jOpenDocument < 1.5 - XML External Entity Injection

CVE-2026-36765 HIGH

SpringBlade 4.8.0 Report Designer - XML External Entity Injection

CVE-2026-6807 MEDIUM

NSA GRASSMARLIN Improper Restriction of XML External Entity Reference

CVE-2026-41066 HIGH

lxml < 6.1.0 - XML External Entity Injection via Default Parser Configuration

CVE-2026-40882 HIGH

OpenRemote has XXE in Velbus Asset Import

CVE-2026-26171 HIGH

Microsoft .NET and PowerShell - Resource Consumption Denial of Service

CVE-2026-33737 MEDIUM

Chamilo LMS XML Parsing - XML External Entity Injection

CVE-2026-4374 CRITICAL

RTI Connext Professional Multiple Services - XXE

Page 1 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy