Back to CVE List

CVE-2026-54640

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.6 / 10

Vulnerability Description

OpenRemote has an incomplete fix for CVE-2026-40882: XXE in KNXProtocol.startAssetImport() allows arbitrary file read via unprotected XMLInputFactory

Vulnerability Details

Published Date
Last Modified
Source
GitHub
Vendor
maven
Product
io.openremote:openremote-agent

External References

Discussion (0)

Add Comment

No comments yet. Be the first!