CVE-2026-49875 | Apache CXF up to 4.1.6/4.2.1 W3CMultiSchemaFactory/EndpointReferenceUtils xml external entity reference

A vulnerability identified as problematic has been detected in Apache CXF up to 4.1.6/4.2.1. Impacted is the function W3CMultiSchemaFactory/EndpointReferenceUtils. The manipulation leads to xml external entity reference.

This vulnerability is listed as CVE-2026-49875. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More