CVE-2026-3511

Published: Mar 19, 2026 Last Modified: Mar 19, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.

611

Improper Restriction of XML External Entity Reference

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Read Application Data Read Files Or Directories Bypass Protection Mechanism Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)

Applicable Platforms

Languages: Not Language-Specific, XML

Technologies: Not Technology-Specific, Web Based

View CWE Details

https://blog.binary.house/2026/03/pripadova-studia-ako-sme-…

https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html

https://github.com/slovensko-digital/autogram/releases/tag/…

https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2

CVE-2026-3511

Description

Improper Restriction of XML External Entity Reference

Common Consequences

Applicable Platforms

Iscriviti alla newsletter