CVE-2026-49875

Published Jun 12, 2026

Last updated 2 days ago

Overview

Description: Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
Source: security@apache.org
NVD status: Undergoing Analysis

Weaknesses

security@apache.org: CWE-611

Hype score: Not currently trending

🚨*CVE* CVE-2026-49875 Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-o… https://t.co/0qJ4Z89tPV ----- Traducción: CVE-2026-49875 Las… https://t.co/utmtNg
@infoflowcloud
12 Jun 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.