CVE-2022-41704: Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input

Vendor: Apache Software Foundation
Product: Apache XML Graphics
Published: October 25, 2022
Last update: February 25, 2026

What the vulnerability does

Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Key dates

Disclosure timeline

October 25, 2022: CVE published
February 25, 2026: Record updated