CVE-2026-3511 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 19, 2026
Slovensko.Digital Autogram - XML External Entity Injection
Overview
Slovensko.Digital Autogram contains an XML External Entity Injection caused by improper restriction in XMLUtils.java, letting remote unauthenticated attackers conduct SSRF and access local files, exploit requires victim to visit a crafted website.
Severity & Score
Impact
Remote attackers can perform SSRF and access unauthorized local files, potentially leading to sensitive information disclosure.
Mitigation
Update to the latest version with XML external entity protections.
References
Social Media Activity(2 posts)
š CVE-2026-3511 - High (8.6) Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local... š https://www.thehackerwire.com/vulnerability/CVE-2026-3511/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-3511 - High (8.6) Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local... š https://www.thehackerwire.com/vulnerability/CVE-2026-3511/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-3511
- Severity
- High
- CVSS Score
- 8.6
- Type
- xml_external_entity_injection
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-611
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N