Description
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.

This issue affects jOpenDocument: 1.5.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper restriction of XML external entity references in ILM Informatique jOpenDocument permits crafted XML to cause a blowup during data serialization, leading to excessive memory consumption or application failure. This weakness is classified as CWE-611 and can degrade the availability of services that rely on this library.

Affected Systems

The affected product is ILM Informatique jOpenDocument version 1.5. No other versions or products were indicated in the data.

Risk and Exploitability

The CVSS score of 5.3 signals moderate severity. EPSS data is not provided and the vulnerability is not listed in CISA's KEV catalog, indicating no known exploitation at large scale. Based on the description, the likely attack vector is an attacker providing malicious XML input to an application that uses jOpenDocument for parsing or serialization. The attack requires that the application processes untrusted XML, which may or may not need privileged access. The risk is primarily a DoS impact rather than code execution or data compromise.

Generated by OpenCVE AI on May 4, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade jOpenDocument to the latest supported release that includes fixes for external entity handling
  • Configure the library or application to disable support for external entity references during XML parsing
  • Validate and sanitize all XML input before it reaches jOpenDocument to ensure no external entity definitions are present
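
One way to apply the second and third actions above, as an added example that is not part of this advisory and is not jOpenDocument code: scan an untrusted file with a parser that refuses any DOCTYPE before handing it to the document library. It assumes the input is an OpenDocument ZIP package whose XML members end in `.xml`; the class name `OdfXmlPrecheck` is hypothetical, and only JDK classes are used.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/** Hypothetical pre-check: reject an OpenDocument package whose XML members declare a DTD. */
public final class OdfXmlPrecheck {

    // SAX parser that refuses any DOCTYPE, so no entity (internal or external) can be declared.
    private static SAXParser hardenedParser() throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        return f.newSAXParser();
    }

    /** Returns normally if every .xml member parses without a DOCTYPE; throws otherwise. */
    public static void check(Path odfFile) throws IOException, ParserConfigurationException, SAXException {
        try (ZipFile zip = new ZipFile(odfFile.toFile())) {
            Enumeration<? extends ZipEntry> entries = zip.entries();
            while (entries.hasMoreElements()) {
                ZipEntry e = entries.nextElement();
                if (e.isDirectory() || !e.getName().endsWith(".xml")) continue;
                try (InputStream in = zip.getInputStream(e)) {
                    // A DOCTYPE makes parse() throw before any entity is resolved or expanded.
                    hardenedParser().parse(in, new DefaultHandler());
                } catch (SAXException ex) {
                    throw new SAXException("Rejected " + e.getName() + ": " + ex.getMessage(), ex);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        check(Path.of(args[0]));   // path to the untrusted .ods/.odt file
        System.out.println("No DOCTYPE found; file may be handed to the document library.");
    }
}
```

The check rejects every DOCTYPE, benign ones included, and does not limit the decompressed size of ZIP members, which needs its own bound.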



Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ilm Informatique; Ilm Informatique jopendocument
Vendors & Products | | Ilm Informatique; Ilm Informatique jopendocument

Mon, 04 May 2026 16:45:00 +0000

Type | Values Removed | Values Added
Title | | Improper Restriction of XML External Entity in jOpenDocument Leads to Data Serialization Blowup

Mon, 04 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5.
Weaknesses | | CWE-611
References | |
Metrics | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TCS-CERT

Published:

Updated: 2026-05-04T15:32:22.819Z

Reserved: 2026-04-17T09:34:02.707Z

Link: CVE-2026-6501

Vulnrichment

Updated: 2026-05-04T15:32:19.197Z

NVD

Status: Received

Published: 2026-05-04T15:16:05.177

Modified: 2026-05-04T15:16:05.177

Link: CVE-2026-6501

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:44:09Z

Weaknesses