Apache Neethi
3 CVEs affecting Apache Neethi. Latest disclosed: 2026-05-01. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42403 | High | 7.5 | 2026-05-01 | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A… |
CVE-2026-42402 | High | 7.5 | 2026-05-01 | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can tri… |
CVE-2026-42404 | Medium | 6.5 | 2026-05-01 | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application exp… |