CVE-2026-6501 — jOpenDocument has an improper restriction of XML external entity reference vulne

Description

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5.

How to fix CVE-2026-6501

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.jopendocument:jOpenDocument—no fix listed

Is CVE-2026-6501 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 1.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References (2)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-6501
WEBwww.jopendocument.org/documentation.html