XML External Entity Processing Vulnerability in WSO2 Products
CVE-2024-8010

3.5 LOW

Key Information:

Vendor: WSO2

CVE Published: 16 April 2026

What is CVE-2024-8010?

The WSO2 publisher does not disable external entity resolution when it handles XML input. By crafting a malicious XML payload, an attacker can access sensitive files on the server's file system or request unauthorized data from limited HTTP resources. This could lead to severe data breaches and unauthorized access to critical system information.

Affected Version(s)

WSO2 API Manager 3.2.0 < 3.2.0.397

WSO2 API Manager 3.2.1 < 3.2.1.27

WSO2 API Manager 4.0.0 < 4.0.0.310

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
