πŸ” CVE Alert

CVE-2026-44618

MEDIUM 5.3

Apache CXF: XXE vulnerability in WS-Transfer functionality

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

CWE CWE-611
Vendor apache software foundation
Product apache cxf
Published May 22, 2026
Last Updated May 22, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache cxf

Be the first to know when new medium vulnerabilities affecting apache software foundation apache cxf are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Apache Software Foundation / Apache CXF
4.2.0 < 4.2.1 4.0.0 < 4.1.6 0 < 3.6.11

References

NVD β†— CVE.org β†— EPSS Data β†—
lists.apache.org: https://lists.apache.org/thread/c7vb015f8ljmjl44030mn0yfq71f7sd7 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/22/8

Credits

Credit to IcySun ([email protected]), εΉΏδΈœδΈœζ–Ήζ€η»΄η§‘ζŠ€ζœ‰ι™ε…¬εΈ