NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-46722

Summary	The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index.
Publication Date	May 19, 2026, 7:16 p.m.
Registration Date	May 20, 2026, 4:12 a.m.
Last Update	May 19, 2026, 11:47 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://typo3.org/security/advisory/typo3-ext-sa-2026-011	f4fb688c-4412-4426-b4b8-421ecf27b14a

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-611	XML 外部エンティティ参照の不適切な制限	https://cwe.mitre.org/data/definitions/611.html