Alkacon OpenCms Apache Solr Injection Vulnerability

Vulnerability

A vulnerability allowing injection into Apache Solr has been identified in Alkacon OpenCms versions prior to 16. User-supplied search input reaches the Solr query parser without adequate sanitization, so an attacker can alter the query that OpenCms executes against its Solr index. The issue is also associated with XML External Entity (XXE) processing, which can be exploited to read sensitive files from the server.

Impact

Exploitation of this vulnerability gives an unauthenticated remote user direct influence over the queries OpenCms sends to Apache Solr: injected Solr syntax is evaluated by the query parser instead of being treated as a literal search term, which can widen or alter results beyond what the application intends and potentially lead to unauthorized data access or manipulation.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to the '/cmisatom/cmis-online/query' endpoint. The request must include a 'q' parameter that contains the injection payload; the Solr query parser interprets the injected syntax rather than escaping it.
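As an added example that is not part of the original advisory, the following Python script scans web-server access logs for requests to the endpoint above whose 'q' value carries Solr-specific query syntax. The log format, the constructed sample lines and the list of Solr constructs are assumptions for illustration. Because CMIS query statements are SQL-like and legitimately contain colons (cmis:document) and boolean keywords, the pattern keys only on constructs that belong to Solr rather than to CMIS: local params ({!...}), the match-all query *:*, range syntax, boost/fuzzy operators and wildcard field queries. Treat matches as leads to review, not as confirmed attacks.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "/cmisatom/cmis-online/query"
PARAM = "q"

# Solr query-parser constructs a CMIS statement should never contain.
# Assumption: legitimate clients send CMIS QL (SELECT ... FROM cmis:document ...),
# so colons and AND/OR/NOT are deliberately NOT treated as indicators.
SOLR_SYNTAX = re.compile(
    r'\{!'                          # local params, e.g. {!lucene}
    r'|\*:\*'                       # match-all query
    r'|\[[^\]]*\bTO\b[^\]]*\]'      # range query [a TO b]
    r'|[\^~]\d*'                    # boost ^2 / fuzzy ~1
    r'|\w+:[^\s]*\*'                # wildcard field query, e.g. path:/system/*
)

# Apache/nginx "combined" access-log layout is assumed for the sample below.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log, not captured traffic. Lines 2 and 3 carry Solr syntax;
# line 1 is an ordinary CMIS statement and line 4 does not touch the endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [08/May/2026:05:22:01 +0000] "GET /cmisatom/cmis-online/query?q=SELECT+*+FROM+cmis%3Adocument+WHERE+cmis%3Aname+%3D+%27report%27 HTTP/1.1" 200 1432
203.0.113.7 - - [08/May/2026:05:22:05 +0000] "GET /cmisatom/cmis-online/query?q=%2A%3A%2A HTTP/1.1" 200 98211
198.51.100.4 - - [08/May/2026:05:23:10 +0000] "GET /cmisatom/cmis-online/query?q=report+OR+%7B%21lucene%7Dpath%3A%2Fsystem%2F%2A HTTP/1.1" 200 4020
198.51.100.4 - - [08/May/2026:05:23:12 +0000] "GET /opencms/index.html HTTP/1.1" 200 512
"""


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def query_values(target):
    """Decoded 'q' values from a request target, only for the CMIS query endpoint."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    return parse_qs(parts.query).get(PARAM, [])


def solr_syntax_in(value):
    """Return the first Solr-only construct found in a decoded q value, or None."""
    m = SOLR_SYNTAX.search(value)
    return m.group(0) if m else None


def scan(log_text):
    """Return (ip, decoded_q, matched_construct) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for q in query_values(rec["target"]):
            token = solr_syntax_in(q)
            if token:
                hits.append((rec["ip"], q, token))
    return hits


if __name__ == "__main__":
    for ip, q, token in scan(SAMPLE_LOG):
        print(f"{ip}: suspicious q={q!r} (matched {token!r})")
```

Pipe a real access log through scan() and review each hit together with the response size: a match-all query that returns a large body, as in the second sample line, is the pattern that most clearly indicates the index was queried beyond the application's intent.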

Remediation

Users are advised to update to OpenCms version 16 or later, where this vulnerability has been patched.

Added: May 8, 2026, 5:22 AM
Updated: May 8, 2026, 5:22 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.4
exploitability: 9.7
remediation: 7.7
relevance: 7.8
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.