7.5
CVE-2026-44417
- EPSS 0.64%
- Veröffentlicht 22.05.2026 12:17:25
- Zuletzt bearbeitet 10.07.2026 12:16:57
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)
The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.461 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-15 External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o
https://bugzilla.redhat.com/show_bug.cgi?id=2480729
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44417.json
https://access.redhat.com/errata/RHSA-2026:37390
https://access.redhat.com/security/cve/CVE-2026-44417