8.1
CVE-2026-50633
- EPSS 0.78%
- Veröffentlicht 12.06.2026 09:02:02
- Zuletzt bearbeitet 30.06.2026 03:20:48
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.514 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://lists.apache.org/thread/1czhgovkgzdkyp3t61wthn0foogh2grf
http://www.openwall.com/lists/oss-security/2026/06/11/10
https://access.redhat.com/security/cve/CVE-2026-50633
https://bugzilla.redhat.com/show_bug.cgi?id=2488307
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50633.json