CVE-2026-8045
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
A CWE-611 vulnerability related to improper restriction of XML External Entity Reference exists that could lead to information disclosure of server-side file contents. An attacker with a Data Center Expert user account can submit crafted XML payloads to SOAP service endpoints.
Risk Assessment
This vulnerability may lead to the disclosure of sensitive data stored on the server, posing a serious security threat to the organization.
Recommendation
It is recommended to implement appropriate security measures to restrict the ability to submit unauthorized XML payloads and to monitor the activities of users with Data Center Expert privileges.
Original NVD description (English source)
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.

