CVE-2026-3511 · HIGH 8.6 · EPSS p23.9%

Description

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends a request containing a specially crafted XML document to the /sign endpoint of the local HTTP server run by the application.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.32% probability of exploitation · percentile 23.9% · 2026-06-19T12:03:05Z
Published: 2026-03-19
Last modified: 2026-03-19

Underlying weaknesses · 1

CWE-611

References

  1. https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html
  2. https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2

Type | Target | Confidence | Tier
Weakness | Improper Restriction of XML External Entity Reference (cwe-611) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-48006
  2. CVE-2025-55853
  3. CVE-2026-8993
  4. CVE-2025-4044
  5. CVE-2026-26338
  6. CVE-2026-8045

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.