Cyber Resilience

CVE-2024-8010

Low

Published: 16 April 2026

Published
16 April 2026
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0003 8.0th percentile
Risk Priority 7 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8010 is a low-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Wso2 Api Manager. Its CVSS base score is 3.5 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-8010 is an XML External Entity (XXE) vulnerability, classified under CWE-611, affecting a component in WSO2 products that accepts XML input through the publisher without disabling external entity resolution. This flaw enables malicious actors to submit crafted XML payloads exploiting unescaped external entity references. The vulnerability received a CVSS v3.1 base score of 3.5 (AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) and was published on 2026-04-16.

Exploitation requires an attacker with low privileges (PR:L) on an adjacent network (AV:A) and involves low complexity (AC:L) with no user interaction needed. Successful attacks allow the reading of confidential files from the product's file system or access to limited HTTP resources via GET requests directed at the vulnerable product, resulting in low-impact confidentiality loss.

The official WSO2 security advisory provides details on mitigation, available at https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/.

EU & UK References

Vulnerability details

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential…

more

files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

XXE directly enables local file reads (T1005) via crafted XML and exploitation of the vulnerable XML-accepting component (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-10713Same product: Wso2 Api Manager
CVE-2024-2374Same product: Wso2 Api Manager
CVE-2024-1524Same product: Wso2 Api Manager
CVE-2025-13590Same product: Wso2 Api Manager
CVE-2025-10611Same product: Wso2 Api Manager
CVE-2026-41066Shared CWE-611
CVE-2025-0162Shared CWE-611
CVE-2025-68493Shared CWE-611
CVE-2025-49535Shared CWE-611
CVE-2026-4374Shared CWE-611

Affected Assets

wso2
api manager
3.2.0 — 3.2.0.397 · 3.2.1 — 3.2.1.27 · 4.0.0 — 4.0.0.310

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of XML inputs to prevent processing of crafted payloads with unescaped external entity references.

prevent

Mandates secure configuration settings for XML parsers to disable external entity resolution, directly addressing the root cause of this XXE vulnerability.

prevent

Ensures timely remediation of the specific XXE flaw in WSO2 products through patching or configuration updates as per vendor advisories.

References