CVE-2024-8010

Low

Published: 16 April 2026

Published

16 April 2026

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score 0.0001 3.1th percentile

Risk Priority 7 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8010 is a low-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Wso2 Api Manager. Its CVSS base score is 3.5 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 3.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of XML inputs to prevent processing of crafted payloads with unescaped external entity references.

CM-6 Configuration Settings good match

prevent

Mandates secure configuration settings for XML parsers to disable external entity resolution, directly addressing the root cause of this XXE vulnerability.

SI-2 Flaw Remediation partial match

prevent

Ensures timely remediation of the specific XXE flaw in WSO2 products through patching or configuration updates as per vendor advisories.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

XXE directly enables local file reads (T1005) via crafted XML and exploitation of the vulnerable XML-accepting component (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential…

files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.

Deeper analysisAI

CVE-2024-8010 is an XML External Entity (XXE) vulnerability, classified under CWE-611, affecting a component in WSO2 products that accepts XML input through the publisher without disabling external entity resolution. This flaw enables malicious actors to submit crafted XML payloads exploiting unescaped external entity references. The vulnerability received a CVSS v3.1 base score of 3.5 (AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) and was published on 2026-04-16.

Exploitation requires an attacker with low privileges (PR:L) on an adjacent network (AV:A) and involves low complexity (AC:L) with no user interaction needed. Successful attacks allow the reading of confidential files from the product's file system or access to limited HTTP resources via GET requests directed at the vulnerable product, resulting in low-impact confidentiality loss.

The official WSO2 security advisory provides details on mitigation, available at https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/.