Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-12992— Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

CVSS 7.4 · High EPSS 0.19% · P8

Affected Version Matrix 2

VendorProductVersion RangeStatus
Red HatRed Hat build of Apicurio Registry 3anyaffected
anyaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-12992

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import locations, causing the registry to issue HTTP requests to arbitrary internal URLs (server-side request forgery).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Apicurio Registry 服务端请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Apicurio Registry是美国Red Hat公司的一款用于管理与版本控制API模式与事件数据结构的开源注册中心。 Red Hat Apicurio Registry存在服务端请求伪造漏洞,该漏洞源于WSDLReaderAccessor未禁用javax.wsdl.importDocuments特性,设置VALIDITY规则为FULL时,具有Developer角色的攻击者可通过上传包含攻击者控制导入位置的WSDL文档,导致注册表向任意内部URL发出HTTP请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat build of Apicurio Registry 3-cpe:/a:redhat:apicurio_registry:3
Red HatRed Hat build of Apicurio Registry 3-cpe:/a:redhat:apicurio_registry:3

II. Public POCs for CVE-2026-12992

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-12992

登录查看更多情报信息。

Vendor Advisories for CVE-2026-12992 (1)

Other References for CVE-2026-12992 (1)

Same Patch Batch · Red Hat · 2026-06-25 · 13 CVEs total

CVE-2026-129758.5 HIGHApicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detect
CVE-2026-98008.1 HIGHKeycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri
CVE-2026-118008.1 HIGHOrg.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusio
CVE-2026-90997.7 HIGHKeycloak: group-admin escalation to realm-admin
CVE-2026-90867.3 HIGHKeycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass
CVE-2026-130836.9 MEDIUMPen-drive: pen-drive: stored xss via unescaped cluster data in html report
CVE-2026-97056.5 MEDIUMKeycloak: keycloak: attacker can re-enable and take over disabled clients via registration
CVE-2026-129936.5 MEDIUMApicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via
CVE-2026-133186.4 MEDIUMVirt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-ag
CVE-2026-90834.9 MEDIUMKeycloak: keycloak: information disclosure through arbitrary filesystem path probing
CVE-2026-97994.6 MEDIUMKeycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
CVE-2026-132184.2 MEDIUMKubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from

IV. Related Vulnerabilities

V. Comments for CVE-2026-12992

No comments yet


Leave a comment