What is the CVSS score of CVE-2026-3511?

CVE-2026-3511 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Java are affected by CVE-2026-3511?

Slovensko.Digital Autogram contains an unauthenticated XXE vulnerability (CVE-2026-3511, CVSS 8.6) that enables remote attackers to read local files and conduct server-side request forgery attacks…. A patch is available.

How to fix or mitigate CVE-2026-3511?

Within 24 hours: Identify all systems running Slovensko.Digital Autogram and isolate or restrict network access to the /sign endpoint. Within 7 days: Apply the vendor-released patch to all affected Autogram instances and verify successful deployment. Within 30 days: Conduct file system access audit on affected systems to identify whether any credentials or sensitive data were accessed during the exposure window; implement input validation and XXE filtering on XML processing endpoints as defense-in-depth.

Java CVE-2026-3511

EUVD-2026-13095 HIGH

Improper Restriction of XML External Entity Reference (CWE-611)

2026-03-19 SK-CERT

Authentication Bypass Java SSRF XXE Autogram

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:20 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2.7.2

EUVD ID Assigned

Mar 19, 2026 - 11:45 euvd

EUVD-2026-13095

Analysis Generated

Mar 19, 2026 - 11:45 vuln.today

CVE Published

Mar 19, 2026 - 11:25 nvd

HIGH 8.6

DescriptionNVD

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.

AnalysisAI

An XML External Entity (XXE) vulnerability in the XMLUtils.java component of Slovensko.Digital Autogram allows remote unauthenticated attackers to conduct Server-Side Request Forgery (SSRF) attacks and read local files from the filesystem. The vulnerability affects Autogram software and can be exploited when a victim visits a specially crafted website that sends malicious XML to the application's local HTTP server /sign endpoint. …

RemediationAI

Within 24 hours: Identify all systems running Slovensko.Digital Autogram and isolate or restrict network access to the /sign endpoint. Within 7 days: Apply the vendor-released patch to all affected Autogram instances and verify successful deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-3511 vulnerability details – vuln.today

Back

Java CVE-2026-3511

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code