7.5

CVE-2026-44417

Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. 
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCxf Version < 3.6.11
ApacheCxf Version >= 4.0.0 < 4.1.6
ApacheCxf Version4.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.461
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-15 External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o
Vendor Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=2480729
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44417.json
https://access.redhat.com/errata/RHSA-2026:37390
https://access.redhat.com/security/cve/CVE-2026-44417