Not properly configured XML parsers are potentially vulnerable to XXE attacks. Adding these settings should prevent most of this attacks.
https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
Solution:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader
Found with SonarQube