Skip to main content

Jopendocument

1 CVEs product

Monthly

CVE-2026-6501 Maven MEDIUM This Month

XML external entity (XXE) injection in jOpenDocument 1.5 allows authenticated remote attackers to trigger denial of service through XML bomb attacks (billion laughs) by submitting specially crafted documents. The vulnerability affects document parsing functionality and requires valid user authentication, limiting but not eliminating real-world risk in multi-tenant or collaborative document processing environments. EPSS and KEV status not provided, but SSVC framework indicates automatable exploitation with partial technical impact.

XXE Jopendocument
NVD
CVSS 4.0
5.3
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM This Month

XML external entity (XXE) injection in jOpenDocument 1.5 allows authenticated remote attackers to trigger denial of service through XML bomb attacks (billion laughs) by submitting specially crafted documents. The vulnerability affects document parsing functionality and requires valid user authentication, limiting but not eliminating real-world risk in multi-tenant or collaborative document processing environments. EPSS and KEV status not provided, but SSVC framework indicates automatable exploitation with partial technical impact.

XXE Jopendocument
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy