CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files

🗓️ 16 Apr 2026 09:39:20Reported by WSO2Type

CVE-2024-8010 allows XML External Entity injection via publisher in WSO2 API Manager to read files.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2024-8010	16 Apr 202609:39	–	attackerkb
Circl	CVE-2024-8010	16 Apr 202614:44	–	circl
CNNVD	WSO2 API Manager 安全漏洞	16 Apr 202600:00	–	cnnvd
CVE	CVE-2024-8010	16 Apr 202609:39	–	cve
EUVD	EUVD-2024-55549	16 Apr 202612:31	–	euvd
NVD	CVE-2024-8010	16 Apr 202610:16	–	nvd
Positive Technologies	PT-2026-33304	16 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2024-8010	5 Jun 202618:49	–	redhatcve
Vulnrichment	CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files	16 Apr 202609:39	–	vulnrichment

[
  {
    "vendor": "WSO2",
    "product": "WSO2 API Manager",
    "versions": [
      {
        "status": "unknown",
        "version": "0",
        "lessThan": "3.2.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.2.0",
        "lessThan": "3.2.0.397",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.2.1",
        "lessThan": "3.2.1.27",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.0.310",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.0.319",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.0.171",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.2.0",
        "lessThan": "4.2.0.127",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.3.0",
        "lessThan": "4.3.0.39",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
security	www.security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/

16 Apr 2026 09:39Current

CVSS 3.13.5

EPSS0.00027

CWE-611