AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2017-14868: Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an

infovulnerability

security

Source: NVD/CVE DatabaseNovember 30, 2017CVE-2017-14868

Summary

CVE-2017-14868 is a vulnerability in Restlet Framework versions before 2.3.11 that allows attackers to read any file from a server using an XXE attack (XML external entity injection, where an attacker tricks the system into loading files from the server by embedding malicious XML code) when the SimpleXMLProvider component is used in REST API requests. This affects applications using the Jax-rs extension of the framework.

Solution / Mitigation

Update Restlet Framework to version 2.3.11 or later.

Vulnerability Details

CVSS Score

5

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-611

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2017-14868

First tracked: February 15, 2026 at 08:43 PM

Classified by LLM (prompt v3) · confidence: 95%