CVE-2026-2253 | THREATINT

Description

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

PUBLISHED Reserved 2026-02-09 | Published 2026-05-27 | Updated 2026-05-27 | Assigner HITVAN

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-611 Improper restriction of XML external entity reference

Product status

Default status

unaffected

1.0 (maven) before 10.2.0.7

affected

10.0 (maven) before 11.0.0

affected

Credits

Hitachi Group Member finder

References

support.pentaho.com/...7-and-11-0-0-0-Impacted-CVE-2026-2253

cve.org (CVE-2026-2253)

nvd.nist.gov (CVE-2026-2253)

Download JSON