| Summary | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml. |
|---|---|
| Publication Date | May 6, 2026, 2:17 a.m. |
| Registration Date | May 6, 2026, 4:07 a.m. |
| Last Update | May 6, 2026, 2:17 a.m. |