CVE-2022-26661 is a medium-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Tryton Proteus. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 34.3% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.