CVE-2024-28757

HIGH

Published Mar 10, 2024 Modified Nov 4, 2025 CWE-776

Description

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-776 CWE-776

Affected Products

Vendor	Product	Versions
libexpat_project	libexpat	< 2.6.2
fedoraproject	fedora	All
fedoraproject	fedora	All
fedoraproject	fedora	All
netapp	active_iq_unified_manager	All
netapp	oncommand_workflow_automation	All
netapp	ontap	All
netapp	ontap_tools	All
netapp	windows_host_utilities	All
netapp	h300s_firmware	All
netapp	h300s	All
netapp	h500s_firmware	All
netapp	h500s	All
netapp	h700s_firmware	All
netapp	h700s	All
netapp	h410s_firmware	All
netapp	h410s	All
netapp	h410c_firmware	All
netapp	h410c	All
netapp	h610c_firmware	All
netapp	h610c	All
netapp	h610s_firmware	All
netapp	h610s	All

References

Advisories & Patches

http://www.openwall.com/lists/oss-security/2024/03/15/1 https://github.com/libexpat/libexpat/issues/839 https://github.com/libexpat/libexpat/pull/842 http://www.openwall.com/lists/oss-security/2024/03/15/1 https://github.com/libexpat/libexpat/issues/839 https://github.com/libexpat/libexpat/pull/842

Exploits

https://github.com/libexpat/libexpat/issues/839 https://github.com/libexpat/libexpat/issues/839

Other References

Frequently Asked Questions

What is CVE-2024-28757? +

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2024-28757? +

CVE-2024-28757 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-28757? +

CVE-2024-28757 affects products from fedoraproject, libexpat_project, netapp, specifically: active_iq_unified_manager, fedora, h300s, h300s_firmware, h410c, h410c_firmware, h410s, h410s_firmware, h500s, h500s_firmware, h610c, h610c_firmware, h610s, h610s_firmware, h700s, h700s_firmware, libexpat, oncommand_workflow_automation, ontap, ontap_tools, windows_host_utilities. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-28757? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a …

CVE-2019-19144 9.8

XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.

CVE-2025-3225 7.5

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index …

CVE-2026-31248 7.5

Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML …

CVE-2024-28982 7.1

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service …

CVE-2025-0617 5.9

An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The …

Quick Facts

CVSS Score: 7.5
Severity: HIGH
Published: Mar 10, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-28757.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →