CVE-2026-3511

HIGH 8.6

CVSS Score

8.6

EPSS Score

0.0%

EPSS Percentile

0th

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.

CWE	CWE-611
Vendor	slovensko.digital
Product	autogram
Published	Mar 19, 2026
Last Updated	Mar 19, 2026

Stay Ahead of the Next One

Get instant alerts for slovensko.digital autogram

Be the first to know when new high vulnerabilities affecting slovensko.digital autogram are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Slovensko.Digital / Autogram

0 < 2.7.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2 blog.binary.house: https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html

Credits

Martin Orem from Binary House