CVE-2026-2253

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Data Integration and Analytics1.0 < 10.2.0.7affected
Hitachi VantaraPentaho Data Integration and Analytics10.0 < 11.0.0affected

Weaknesses

  • CWE-611: CWE-611 Improper restriction of XML external entity reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References