Every CVE whose affected-product data names Apache Neethi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-42402 — CVSS 7.5 (high): Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted…
CVE-2026-42403 — CVSS 7.5 (high): Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy…
CVE-2026-42404 — CVSS 6.5 (medium): Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API…