CVE-2026-2536 | opencc JFlow up to 20260129 Workflow Engine WF_Admin_AttrFlow.java Imp_Done File xml external entity reference (IDN7GT)

A vulnerability, which was classified as problematic, has been found in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference.

This vulnerability appears as CVE-2026-2536. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2536 | opencc JFlow up to 20260129 Workflow Engine WF_Admin_AttrFlow.java Imp_Done File xml external entity reference (IDN7GT)

Post correlati

CVE-2024-50344 | mkucej i-librarian-free up to 5.11.1 cross site scripting

CVE-2025-40911 | RRWO Net::CIDR::Set 0.10/0.11/0.12/0.13 on Perl IP CIDR Address String improper validation of specified type of input

CVE-2024-53138 | Linux Kernel up to 6.1.118/6.6.62/6.11.9 Page Refcount get_page null pointer dereference

CVE-2024-1018 | PbootCMS 3.2.5-20230421 name cross site scripting