All vulnerabilities
CVE-2025-68493
Apache Struts 2 is Missing XML Validation
Description
Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
8.1
Severity
High
Ecosystem
Java
Publish Date
January 11, 2026
Modified Date
February 2, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Versions
