CVE-2026-2536 | opencc JFlow up to 20260129 Workflow Engine WF_Admin_AttrFlow.java Imp_Done File xml external entity reference (IDN7GT)

A vulnerability, which was classified as problematic, has been found in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference.

This vulnerability appears as CVE-2026-2536. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More