CVE-2026-42403

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause excessive recursion, leading to a stack overflow or application hang. An attacker can craft malicious policy documents with circular references to cause a Denial of Service condition

Users are recommended to upgrade to version 3.2.2, which fixes this issue.

Vulnerability Details

Published Date

May 01, 2026

Last Modified

May 01, 2026

CWE ID

CWE-400

Source

NVD

Vendor

Apache Software Foundation

Product

Apache Neethi

External References

https://lists.apache.org/thread/zm6t8skkkskjwk1881l4m4n0l7dqclzo

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment