WSO2 Security Vulnerabilities (CVEs)

Track 31 security vulnerabilities affecting WSO2 products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

Severity breakdown: 7 Critical, 6 High, 18 Medium
CVE-2024-1524 (CVSS 7.7) - Feb 24, 2026
This vulnerability allows a malicious actor to take over local user accounts when federated authentication with Silent Just-In-Time Provisioning is en...

CVE-2025-12107 (CVSS 8.4) - Feb 19, 2026
This critical vulnerability allows attackers with admin privileges to inject and execute arbitrary template code in server-side templates due to a vul...

CVE-2025-9312 (CVSS 9.8) - Nov 18, 2025
A missing authentication enforcement vulnerability in WSO2 products allows unauthenticated access to System REST APIs and SOAP services when mutual TL...

CVE-2025-6670 (CVSS 8.8) - Nov 18, 2025
This CSRF vulnerability in WSO2 products allows attackers to trick authenticated users into performing unintended administrative actions by clicking m...

CVE-2025-11093 (CVSS 8.4) - Nov 5, 2025
This CVE describes an arbitrary code execution vulnerability in WSO2 integration products where authenticated users with elevated privileges (administ...

CVE-2025-10907 (CVSS 8.4) - Nov 5, 2025
An arbitrary file upload vulnerability in WSO2 products allows authenticated administrators to upload malicious files to user-controlled locations via...

CVE-2025-10713 (CVSS 6.5) - Nov 5, 2025
An XML External Entity (XXE) vulnerability in multiple WSO2 products allows attackers to read sensitive server files or cause denial-of-service. The v...

CVE-2025-3125 (CVSS 6.7) - Nov 5, 2025
An arbitrary file upload vulnerability in WSO2 products allows authenticated admin users to upload malicious files to server locations they control, p...

CVE-2025-5605 (CVSS 4.3) - Oct 24, 2025
An authentication bypass vulnerability in WSO2 Management Console allows attackers with console access to manipulate request URIs and access restricte...

CVE-2025-5350 (CVSS 5.9) - Oct 24, 2025
This vulnerability allows attackers to perform SSRF attacks and execute reflected XSS in WSO2 products through the deprecated Try-It feature. Only adm...

CVE-2025-9955 (CVSS 5.7) - Oct 16, 2025
An improper access control vulnerability in WSO2 Enterprise Integrator allows low-privileged users to access internal SOAP admin services for system l...

CVE-2025-9152 (CVSS 9.8) - Oct 16, 2025
This vulnerability allows unauthenticated attackers to generate administrative access tokens in WSO2 API Manager by exploiting missing authentication/...

CVE-2025-10611 (CVSS 9.8) - Oct 16, 2025
This critical vulnerability in WSO2 products allows attackers to bypass authentication and authorization checks for certain REST APIs, enabling unauth...

CVE-2025-0663 (CVSS 6.8) - Sep 23, 2025
A cross-tenant authentication vulnerability in WSO2 products allows privileged users in one tenant to forge authentication cookies for users in other ...

CVE-2024-6429 (CVSS 4.3) - Sep 23, 2025
This content spoofing vulnerability in WSO2 products allows attackers to inject arbitrary content into error messages displayed in the browser UI. By ...

CVE-2025-5717 (CVSS 6.8) - Sep 23, 2025
This CVE describes an authenticated remote code execution vulnerability in WSO2 products where administrators can deploy malicious Java code through S...

CVE-2024-4598 (CVSS 6.5) - Sep 23, 2025
This CVE describes an information disclosure vulnerability in WSO2 products where authenticated users can access sensitive business data from other me...

CVE-2024-3511 (CVSS 4.3) - Jun 23, 2025
This CVE describes an authorization bypass vulnerability in WSO2 products that allows authenticated users with management console access to retrieve v...

CVE-2024-7073 (CVSS 6.5) - Jun 2, 2025
This CVE describes a server-side request forgery (SSRF) vulnerability in multiple WSO2 products that allows unauthenticated attackers to manipulate se...

CVE-2024-8008 (CVSS 5.2) - Jun 2, 2025
A reflected XSS vulnerability in WSO2 products allows attackers to inject malicious JavaScript via JDBC user store connection validation error message...

CVE-2024-1440 (CVSS 5.4) - Jun 2, 2025
An open redirection vulnerability in WSO2 products allows attackers to craft malicious authentication links that redirect users to attacker-controlled...

CVE-2024-7097 (CVSS 4.3) - May 30, 2025
This vulnerability allows attackers to create unauthorized user accounts in WSO2 products regardless of self-registration settings. It affects WSO2 pr...

CVE-2024-5962 (CVSS 6.1) - May 22, 2025
A reflected cross-site scripting (XSS) vulnerability in WSO2 authentication endpoints allows attackers to inject malicious JavaScript into the authent...

CVE-2024-7487 (CVSS 5.8) - May 22, 2025
This vulnerability allows attackers to bypass app-native authentication in WSO2 Identity Server 7.0.0 by passing invalid objects. Organizations using ...

CVE-2024-6914 (CVSS 9.8) - May 22, 2025
This vulnerability allows attackers to reset any user's password via a flawed SOAP admin service in WSO2 products, leading to complete account takeove...

CVE-2025-2905 (CVSS 9.1) - May 5, 2025
This CVE describes an XML External Entity (XXE) vulnerability in multiple WSO2 products due to improper XML parser configuration. It allows remote una...

CVE-2024-0392 (CVSS 5.4) - Feb 27, 2025
A Cross-Site Request Forgery (CSRF) vulnerability in WSO2 Enterprise Integrator 6.6.0 management console allows attackers to trick authenticated users...

CVE-2024-2321 (CVSS 5.6) - Feb 27, 2025
This vulnerability allows attackers to bypass authorization in WSO2 products by using refresh tokens instead of access tokens to access protected APIs...

CVE-2023-6837 (CVSS 8.5) - Dec 15, 2023
This vulnerability in WSO2 products allows attackers to impersonate legitimate users through JIT provisioning flaws. Organizations using WSO2 products...

CVE-2021-42646 (CVSS 9.1) - May 11, 2022
This CVE describes an XML External Entity (XXE) vulnerability in WSO2 API Manager and Identity Server management consoles. Attackers can exploit it vi...

CVE-2022-29464 (CVSS 9.8) - Apr 18, 2022
CVE-2022-29464 is a critical unrestricted file upload vulnerability in multiple WSO2 products that allows attackers to upload malicious files to web-a...

Why Monitor WSO2 Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 31+ known vulnerabilities affecting WSO2 products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable WSO2 packages in under 60 seconds. No agents are required: the scanning is completely agentless and works across WSO2 deployments.

Free vulnerability database: Access detailed information about every WSO2 CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new WSO2 CVEs affect your systems
  • Access a dashboard with severity breakdown and fix instructions