EIP-2026-116345

PRE-CVE

Sun Java 1.x - XML Document Nested Entity Denial of Service

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116345. PoCs published by Sun Microsystems.

AI-analyzed exploit summary This exploit leverages an XML Entity Expansion (XEE) vulnerability in Sun Java to cause a denial-of-service (DoS) by consuming excessive system resources. The malicious XML document contains deeply nested entity references that trigger exponential expansion, leading to system crashes.

Description

Sun Java 1.x - XML Document Nested Entity Denial of Service

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sun Microsystems · textdoswindows
https://www.exploit-db.com/exploits/23165

This exploit leverages an XML Entity Expansion (XEE) vulnerability in Sun Java to cause a denial-of-service (DoS) by consuming excessive system resources. The malicious XML document contains deeply nested entity references that trigger exponential expansion, leading to system crashes.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Sun Java (unspecified version)
No auth needed
Prerequisites: Ability to deliver malicious XML to a vulnerable Sun Java application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026