CVE-2026-2253

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

611

Improper Restriction of XML External Entity Reference

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Read Application Data Read Files Or Directories Bypass Protection Mechanism Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)

Applicable Platforms

Languages: Not Language-Specific, XML

Technologies: Not Technology-Specific, Web Based

View CWE Details

https://support.pentaho.com/hc/en-us/articles/4567754819393…

https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-…

CVE-2026-2253

Description

Improper Restriction of XML External Entity Reference

Common Consequences

Applicable Platforms

Iscriviti alla newsletter