XML External Entity (XXE)

XXE arises when XML parsers process external entity references, enabling file disclosure or SSRF.

#appsec #cwe

Last updated: 2025-09-02T00:00:00.000Z

Evidence

CWE: CWE-611 (normative evidence), cwe.mitre.org

Mappings

CWE-611

More context

Disable external entity resolution and use secure parser configurations or alternative formats.
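
One way to apply this in Python's standard library, as an added example that is not part of the original entry: the parser refuses any DOCTYPE, so no entity can be declared or resolved. The function names, the DTDForbidden exception and the sample documents are assumptions made for illustration, and namespace handling is left out.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or external reference."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Entities can only be declared inside a DTD, so refusing the DOCTYPE
    # removes external entity resolution as a possibility.
    raise DTDForbidden(f"DOCTYPE not allowed (root={name!r}, system_id={system_id!r})")


def _reject_external_ref(context, base, system_id, public_id):
    # Defence in depth: never fetch anything an entity reference points to.
    raise DTDForbidden(f"external entity reference not allowed ({system_id!r})")


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source into an ElementTree element."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.ExternalEntityRefHandler = _reject_external_ref
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return builder.close()


def is_rejected(data: bytes) -> bool:
    """Return True when the hardened parser refuses the document."""
    try:
        parse_untrusted(data)
    except DTDForbidden:
        return True
    return False


# Constructed sample inputs (not from the page); the file URI is a placeholder.
BENIGN = b"<order><id>42</id><item>widget</item></order>"
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder">]>'
            b"<order><id>&ext;</id></order>")

if __name__ == "__main__":
    print(parse_untrusted(BENIGN).findtext("id"), is_rejected(WITH_DTD))
```

Rejecting every DOCTYPE also breaks documents that legitimately ship a DTD; for those, keep the external-reference handler and validate against a locally pinned schema instead.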