CVE-2026-36765

· NIST NVD ↗

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.

HIGH

CVSS severity

8.8

CVSS base score

2026-04-30

Published

CWE codes

CWE-611

Sources

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-36765