CVE-2020-14338: A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP
medium vulnerability
CVE-2020-14338 is a flaw in Wildfly's XML processing component where the XMLSchemaValidator class doesn't properly enforce a security feature called "use-grammar-pool-only," allowing a specially-crafted XML file to bypass validation checks. This vulnerability affects all Xerces JBoss versions before 2.12.0.SP3 and is related to a similar flaw found in OpenJDK.
5.3 (medium)
EPSS: 0.6%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-14338
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%