This issue is opened for updating the CVE list for 26.0.0.4 to include the following
|https://www.cve.org/CVERecord?id=CVE-2025-14915[CVE-2025-14915]
|6.5
|Privilege escalation
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:restConnector-2.0 feature
|https://www.cve.org/CVERecord?id=CVE-2025-14917[CVE-2025-14917]
|6.7
|Weaker security
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:appSecurity-1.0, feature:appSecurity-2.0, feature:appSecurity-3.0, feature:appSecurity-4.0, and feature:appSecurity-5.0 features
|https://www.cve.org/CVERecord?id=CVE-2026-1561[CVE-2026-1561]
|5.4
|Server-side request forgery
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:samlWeb-2.0 feature
|https://www.cve.org/CVERecord?id=CVE-2026-29063[CVE-2026-29063]
|8.7
|Prototype pollution
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:openapi-3.1, feature:mpOpenAPI-1.0, feature:mpOpenAPI-1.1, feature:mpOpenAPI-2.0, feature:mpOpenAPI-3.0 feature:mpOpenAPI-3.1, feature:mpOpenAPI-4.0 and feature:mpOpenAPI-4.1 features
This issue is opened for updating the CVE list for 26.0.0.4 to include the following
|https://www.cve.org/CVERecord?id=CVE-2025-14915[CVE-2025-14915]
|6.5
|Privilege escalation
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:restConnector-2.0 feature
|https://www.cve.org/CVERecord?id=CVE-2025-14917[CVE-2025-14917]
|6.7
|Weaker security
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:appSecurity-1.0, feature:appSecurity-2.0, feature:appSecurity-3.0, feature:appSecurity-4.0, and feature:appSecurity-5.0 features
|https://www.cve.org/CVERecord?id=CVE-2026-1561[CVE-2026-1561]
|5.4
|Server-side request forgery
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:samlWeb-2.0 feature
|https://www.cve.org/CVERecord?id=CVE-2026-29063[CVE-2026-29063]
|8.7
|Prototype pollution
|17.0.0.3-26.0.0.3
|26.0.0.4
|Affects the feature:openapi-3.1, feature:mpOpenAPI-1.0, feature:mpOpenAPI-1.1, feature:mpOpenAPI-2.0, feature:mpOpenAPI-3.0 feature:mpOpenAPI-3.1, feature:mpOpenAPI-4.0 and feature:mpOpenAPI-4.1 features