BIT-java-2024-40896

BIT-java-2024-40896 PUBLISHED CVSS 9.100000381469727 CRITICAL

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	java	0, 1.9.0, 0

Timeline

May 6, 2026 CVE Published
May 8, 2026 CVE Updated

References

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6 url
https://gitlab.gnome.org/GNOME/libxml2/-/issues/761 url
https://nvd.nist.gov/vuln/detail/CVE-2024-40896 url
https://security.netapp.com/advisory/ntap-20250228-0004/ url

Open in Interactive Console →