HIGHCVE-2026-2253Published 2026-05-27Modified 2026-05-27CNA HITVAN

CVE-2026-2253: Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

CVSS v3.1: 7.7
Severity: HIGH
Fixed in: 10.2.0.7
Affected Products: 1

Fix available

10.2.0.711.0.0

Affected packages

Hitachi Vantara / Pentaho Data Integration and Analytics
< 10.2.0.7 (from 1.0) · < 11.0.0 (from 10.0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

support.pentaho.com

Metrics

Fix available