- Improvement
- Resolution: Fixed
- Minor
- None
There are currently three support bundle components that use SecretHandler#findSecrets, which uses a standard XML transformer that does not protect against XXE attacks: ConfigFileComponent, AgentsConfigFile, and OtherConfigFilesComponent.
ConfigFileComponent and AgentsConfigFile process files controlled by Jenkins core, and there is no way for a non-admin to modify the contents of the files they process except through XStream, which prevents XXE attacks.
OtherConfigFilesComponent includes all files in $JENKINS_HOME that end with .xml except for credentials.xml and config.xml. If a plugin allows non-admin users to directly change the contents of a file (not using XStream) that ends with .xml in $JENKINS_HOME then that would allow an attacker to store an XXE attack for later execution when an admin generates a bundle that includes the OtherConfigFilesComponent.
Any plugin that gives non-admin users unrestricted access to a file in Jenkins home is likely a problem by itself, and only admins can install plugins, so I don't consider this to be a problem in practice. Even so, it is easy enough to harden the plugin against this type of issue just in case.
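The hardening described above, as an added illustration that is not the plugin's own code: a Java helper that redacts `<secret>` elements the way a SecretHandler-style routine would, but parses with a DocumentBuilderFactory that refuses DOCTYPE declarations and external entities, and re-serializes with a TransformerFactory that is forbidden from fetching external DTDs or stylesheets. The element name `secret`, the class and method names, and the two constructed inputs (a benign config and one carrying a DOCTYPE with an external entity pointing at a placeholder path) are assumptions for the demonstration; the feature and attribute names are the standard JAXP/Xerces ones shipped with the JDK.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXParseException;

/** Example (not the support-core-plugin's code): XXE-hardened parse + redact + serialize. */
public class HardenedXmlRedactor {

    /** Parser that rejects any DOCTYPE, so no internal or external entities can be declared. */
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Disallowing the DOCTYPE outright is the most robust setting; the rest are belt-and-braces
        // for parsers that do not honour the first feature.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /** Serializer that cannot be coaxed into resolving external DTDs or stylesheets. */
    static Transformer newHardenedTransformer() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        // Empty string = no protocols allowed for external access (JAXP 1.5 attributes).
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        Transformer t = tf.newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        return t;
    }

    /** Replace the text of every <secret> element (assumed element name) and re-serialize. */
    static String redactSecrets(String xml) throws Exception {
        Document doc = newHardenedBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList secrets = doc.getElementsByTagName("secret");
        for (int i = 0; i < secrets.getLength(); i++) {
            ((Element) secrets.item(i)).setTextContent("#REDACTED#");
        }
        StringWriter out = new StringWriter();
        newHardenedTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a harmless config file with one secret to redact.
        String benign = "<config><secret>hunter2</secret><name>job-a</name></config>";
        System.out.println(redactSecrets(benign));

        // Constructed sample: a DOCTYPE declaring an external entity. The SYSTEM id is a
        // placeholder, not a real path; the hardened parser must refuse the document before
        // it would ever try to resolve it.
        String withDoctype = "<!DOCTYPE config [<!ENTITY ext SYSTEM \"file:///placeholder/not/real\">]>"
                + "<config><secret>&ext;</secret></config>";
        try {
            redactSecrets(withDoctype);
            System.out.println("UNEXPECTED: DOCTYPE was accepted");
        } catch (SAXParseException e) {
            System.out.println("Rejected as expected: " + e.getMessage());
        }
    }
}
```

With the JDK's built-in Xerces the second call fails at parse time with a "DOCTYPE is disallowed" SAXParseException, which is the behaviour a bundle component wants: a file that a non-admin managed to seed with a DOCTYPE is reported as unparseable rather than having its entities resolved on the admin's controller when the bundle is generated.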
Code changed in jenkins
User: Devin Nusbaum
Path:
src/main/java/com/cloudbees/jenkins/support/configfiles/SecretHandler.java
src/test/java/com/cloudbees/jenkins/support/configfiles/SecretHandlerTest.java
http://jenkins-ci.org/commit/support-core-plugin/59261ba0355b403f42e6a8f205f87a6d5758d3d9
Log:
Merge pull request #141 from dwnusbaum/harden-against-xxe
JENKINS-50765 Defend SecretHandler from XXE attacks
Compare: https://github.com/jenkinsci/support-core-plugin/compare/132c99f32b29...59261ba0355b