4 matches found
com.github.vindell:spring-boot-starter-cxf-jaxws-plus (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.apache.cxf:apache-cxf (>=3.3.0 <=3.6.10) +1 more potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=3.2.4 <=3.6.10)
org.apache.cxf:cxf-rt-ws-transfer MAVEN version =3.2.4, =1.0.0.RELEASE, =3.3.0, =3.4.0, =3.6.10 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...
org.apache.cxf:apache-cxf (>=4.0.0 <=4.1.5), org.apache.cxf:cxf-distribution-javadoc (>=4.0.0 <=4.1.5) potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=4.0.0 <=4.1.5)
org.apache.cxf:cxf-rt-ws-transfer MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.1.5 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...
CVE-2026-44618
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...
EUVD-2026-31434
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...