XDocReport affected by an XML External Entity (XXE) vulnerability
Critical severity
GitHub Reviewed
Published
Jan 20, 2026
to the GitHub Advisory Database
•
Updated Jan 21, 2026
Package
Affected versions
>= 0.9.2, < 2.0.4
Patched versions
2.0.4
Description
Published by the National Vulnerability Database
Jan 20, 2026
Published to the GitHub Advisory Database
Jan 20, 2026
Reviewed
Jan 21, 2026
Last updated
Jan 21, 2026
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
References