XML Parser Vulnerability in Lobster_pro Software by Schutzwerk
CVE-2024-13971

7.7 HIGH

Key Information:

Vendor
CVE Published: 30 April 2026

What is CVE-2024-13971?

A security weakness in the XML parser functionality of Lobster_pro, before version 4.12.6-GA, allows unauthorized attackers to gain read access to sensitive files on the application server and reach adjacent network shares. This vulnerability also permits attackers to execute HTTP GET requests on arbitrary services, potentially leading to unauthorized information disclosure and further exploitation of connected systems.

Affected Version(s)

Lobster_pro Windows 0 < 4.12.6-GA

Lobster_pro Windows 4.12.6-GA

CVSS V4

Score: 7.7
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcelo Reyes of SCHUTZWERK GmbH