Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-12993— Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset

CVSS 6.5 · Medium EPSS 0.25% · P16

Possible ATT&CK Techniques 1AI

T1496 · Resource Hijacking

Affected Version Matrix 2

VendorProductVersion RangeStatus
Red HatRed Hat build of Apicurio Registry 3anyaffected
anyaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-12993

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloads (billion-laughs variant) that cause CPU and heap exhaustion, partially mitigated by the JAXP default 64,000 entity-expansion limit.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
DTD中递归实体索引的不恰当限制(XML实体扩展)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Apicurio Registry 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Apicurio Registry是美国Red Hat公司的一款用于管理与版本控制API模式与事件数据结构的开源注册中心。 Red Hat Apicurio Registry存在资源管理错误漏洞,该漏洞源于DocumentBuilderAccessor未禁用DOCTYPE声明且未启用FEATURE_SECURE_PROCESSING,具有artifact-write权限的攻击者可上传包含内部实体扩展有效载荷(billion-laughs变体)的XML文档,导致CPU和堆耗尽。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat build of Apicurio Registry 3-cpe:/a:redhat:apicurio_registry:3
Red HatRed Hat build of Apicurio Registry 3-cpe:/a:redhat:apicurio_registry:3

II. Public POCs for CVE-2026-12993

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-12993

登录查看更多情报信息。

Vendor Advisories for CVE-2026-12993 (1)

Other References for CVE-2026-12993 (1)

Same Patch Batch · Red Hat · 2026-06-25 · 13 CVEs total

CVE-2026-129758.5 HIGHApicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detect
CVE-2026-118008.1 HIGHOrg.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusio
CVE-2026-98008.1 HIGHKeycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri
CVE-2026-90997.7 HIGHKeycloak: group-admin escalation to realm-admin
CVE-2026-129927.4 HIGHApicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl
CVE-2026-90867.3 HIGHKeycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass
CVE-2026-130836.9 MEDIUMPen-drive: pen-drive: stored xss via unescaped cluster data in html report
CVE-2026-97056.5 MEDIUMKeycloak: keycloak: attacker can re-enable and take over disabled clients via registration
CVE-2026-133186.4 MEDIUMVirt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-ag
CVE-2026-90834.9 MEDIUMKeycloak: keycloak: information disclosure through arbitrary filesystem path probing
CVE-2026-97994.6 MEDIUMKeycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
CVE-2026-132184.2 MEDIUMKubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from

IV. Related Vulnerabilities

V. Comments for CVE-2026-12993

No comments yet


Leave a comment