CVE-2026-2074
⚪ For information
An XML external entity reference in O2OA enables remote attacks.
CVSS
6.3
EPSS
0.3%
Exploit
poc
Vendor
zoneland
Source description (NVD)
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
exploit xxe
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 6.3 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.3% |
| Published (NVD) | 2026-02-07 05:16:12 UTC |
| Last modified (NVD) | 2026-06-17 10:30:15 UTC |
References
- https://github.com/SourByte05/SourByte-Lab/issues/7 (cna@vuldb.com) [Exploit, Issue Tracking, Mitigation, Third Party Advisory]
- https://vuldb.com/?ctiid.344640 (cna@vuldb.com) [Permissions Required, VDB Entry]
- https://vuldb.com/?id.344640 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/?submit.745486 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/?submit.745489 (cna@vuldb.com) [Third Party Advisory, VDB Entry]