Description

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Related CPE's

a

apache

struts

3

References

https://cwiki.apache.org/confluence/display/WW/S2-069

Vendor AdvisoryMailing List

http://www.openwall.com/lists/oss-security/2026/01/11/2

Mailing ListThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-112

[email protected]

Primary
CWE-611

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

8.1 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-11T13:15:45.610Z

5 days ago

Last modified

2026-01-16T14:31:16.030Z

4 hours ago