CVE-2026-48359
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in
CVSS
9.6
Crítico
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Publicado: 14 jul 2026 · Última mod.: 17 jul 2026 · CWE-611
0.5%EPSS · 30 días0.5%
2026-07-152026-07-17
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-684938.1 ALT97.5%
——29Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.3dCVE-2026-261717.5 ALT75.4%
——23Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.3dCVE-2020-259129.1 CRÍ68.1%
——20A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).9dCVE-2023-269999.8 CRÍ60.5%
——18An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.9dCVE-2021-450249.8 CRÍ59.5%
——18ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).9dCVE-2023-241877.8 ALT56.2%
——17An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.9d