Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.Referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=1555429
