Ubuntu Security Notices USN-8324-1 USN-8324-1: Apache Tika vulnerabilities Publication date 27 May 2026 Overview Several security issues were fixed in Apache Tika. Releases 22.04 LTS 20.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages tika - A content analysis toolkit Details It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers. It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 22.04 LTS jammy libtika-java – 1.22-2+deb11u1build0.22.04.1 20.04 LTS focal libtika-java – 1.22-1ubuntu0.1~esm2 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2025-66516 CVE-2025-54988 CVE-2025-66516 CVE-2025-54988