CVE Catalog
CVE-2026-2253
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk0.20%
10th percentile - higher than 10% of all known CVEs
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities.
Risk Assessment
This may lead to XML External Entity (XXE) attacks, posing a threat to the security of the organization's data and systems.
Recommendation
It is recommended to upgrade to the latest version of the software to minimize the risk associated with this vulnerability.
Original NVD description (English source)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

