Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.4%
CVSS Severity


Products
Pricing
Contact Us

Shodan ® - All rights reserved