Threats Tagged 'cve-2026-40682'
View all threats tagged with 'cve-2026-40682'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-40682'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-40682: CWE-611 Improper Restriction of XML External Entity Reference in Apache Software Foundation Apache OpenNLPCVE-2026-40682 0 CVE-2026-40682 is a critical XML External Entity (XXE) vulnerability in Apache OpenNLP affecting versions before 2.5.9 and before 3.0.0-M3. The issue arises because the DictionaryEntryPersistor class initializes an XML parser without disabling DTD processing or enabling secure processing features, allowing crafted dictionary files with malicious DOCTYPE declarations to trigger local file disclosure or server-side request forgery during XML parsing. This vulnerability impacts the public Dictionary(InputStream) constructor, which is used to load user-supplied dictionaries, making exploitation realistic if untrusted input is processed. The project’s other XML parsing paths correctly mitigate this risk, but this specific path does not. Users are advised to upgrade to fixed versions or apply input validation to reject XML containing DOCTYPE declarations if immediate upgrade is not possible. Join the discussion | CVE Database V5 | 05/04/2026, 16:55:55 UTC Added: 05/04/2026, 17:06:30 UTC |
Showing 1 to 1 of 1 result