Improper XML External Entity Reference in Apache Lucene.Net Library
CVE-2026-47898
4MEDIUM
What is CVE-2026-47898?
A vulnerability in the Apache Lucene.Net.Analysis.Common library can lead to improper handling of XML External Entity references, potentially exposing applications to unauthorized data access. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00017. Users are strongly advised to upgrade to version 4.8.0-beta00018 to mitigate this issue.
Affected Version(s)
Apache Lucene.Net 4.8.0-beta00005 < 4.8.0-beta00018