3 matches found
Security Bulletin: MongoDB Enterprise Advanced affected by: XML External Entity (XXE) vulnerability (CVE-2026-24400)
Summary: There are vulnerabilities in assertj-core-3.27.6.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-24400. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2026-24400. DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtu...
CVE-2026-24400
CVE-2026-24400 affects AssertJ: up to 3.27.7, it contains an XXE risk in XmlStringPrettyFormatter.toXmlDocument(String), which is used by isXmlEqualTo(CharSequence) and xmlPrettyFormat(String). Versions before 3.27.7 are vulnerable if untrusted XML is processed, potentially enabling local file disclosure (file...
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
An XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocument(String) method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualTo(CharSequence)...