Description

A further incomplete fix for the previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) has been identified in Apache CXF. It can allow code execution if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to version 4.2.2 or 4.1.7, which fix this issue.

PUBLISHED Reserved 2026-06-05 | Published 2026-06-12 | Updated 2026-06-13 | Assigner apache

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

4.2.0 (semver) before 4.2.2
affected

Any version before 4.1.7
affected

Credits

Venkatraman Kumar (r3dw0lfsec), Securin finder

References

lists.apache.org/thread/740ghch5z5y675cn2kzgtyo5k37n6qcw vendor-advisory

cve.org (CVE-2026-50632)

nvd.nist.gov (CVE-2026-50632)