CyberRota
← Ana sayfaya dön

CVE-2026-12975

HIGH · CVSS 8.5 EPSS %0.24

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-25T22:17:00.620 · Çekilme zamanı: 2026-06-30T18:34:42.103849+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-12975
Severity
HIGH
CVSS
8.5
EPSS
%0.24

Orijinal NVD Açıklaması

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs with default configuration) can upload a crafted XML document to trigger blind server-side request forgery (SSRF) via external DTD/entity fetch, or cause denial of service via entity expansion.