CVE-2018-1000844: Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Ent
Summary
Square's Retrofit library (a tool for making web requests in Java) contained an XXE vulnerability (XML External Entity attack, where an attacker tricks the system into reading files by embedding malicious instructions in XML data) in its JAXB component. An attacker could exploit this to read files from the system or perform SSRF (server-side request forgery, where an attacker makes the server send requests to unintended targets).
Solution / Mitigation
The vulnerability was fixed in commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437. Users should update to a version of Retrofit that includes this commit.
Vulnerability Details
6.4
EPSS: 0.9%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2018-1000844
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 72%