Description

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.

INFO

Published Date :

2026-04-16T09:39:20.130Z

Last Modified :

2026-04-16T12:30:36.466Z

Source :

WSO2
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8010 vulnerability.

Vendors Products
Wso2
  • Wso2 Api Manager
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8010.

URL Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact