cvedb.io
CVE-2016-9318
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2016-11-16T00:59:00.180 · Last modified 2026-06-17T00:55:49.887

Summary

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

Affected products

xmlsoft — libxml2

Does this affect you?

Add your gear to cvedb and we'll alert you only when xmlsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.