CVE Catalog

CVE-2026-8045

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

A CWE-611 vulnerability related to improper restriction of XML External Entity Reference exists that could lead to information disclosure of server-side file contents. An attacker with a Data Center Expert user account can submit crafted XML payloads to SOAP service endpoints.

Risk Assessment

This vulnerability may lead to the disclosure of sensitive data stored on the server, posing a serious security threat to the organization.

Recommendation

It is recommended to implement appropriate security measures to restrict the ability to submit unauthorized XML payloads and to monitor the activities of users with Data Center Expert privileges.

Original NVD description (English source)

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS