VDB

GHSA-m7jm-9gc2-mpf2

GHSA-m7jm-9gc2-mpf2 PUBLISHED CVSS 9.300000190734863 CRITICAL

fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

Risk Scores

CVSS v3.1
9.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

Affected Products

VendorProductVersions
NaturalIntelligencefast-xml-parser4.1.3,
NaturalIntelligencefast-xml-parser4.1.3, < 5.3.5

Timeline

  • CVE Published
  • Mar 2, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›