Vulnerability Description
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html
- https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2
FAQ
What is CVE-2026-3511?
CVE-2026-3511 is a vulnerability with a CVSS score of 8.6 (HIGH). Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) ...
How severe is CVE-2026-3511?
CVE-2026-3511 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3511?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.