Black & White Path

May 4, 2026 · Information Security

Critical Vulnerabilities Discovered in Apache OpenNLP, Including XXE Injection

Three high‑severity CVEs affecting Apache OpenNLP (up to version 2.5.8 and 3.0.0‑M2) enable denial‑of‑service, privilege escalation, and XXE attacks, allowing attackers to crash services, gain higher privileges, or read arbitrary files, and the article outlines mitigation steps.