CVE Catalog

CVE-2026-2253

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities.

Risk Assessment

This may lead to XML External Entity (XXE) attacks, posing a threat to the security of the organization's data and systems.

Recommendation

It is recommended to upgrade to the latest version of the software to minimize the risk associated with this vulnerability.

Original NVD description (English source)

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS