CVE-2026-50632

CVE Database · CVE-2026-50632

CVE-2026-50632

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

0.55%

Published

Jun 12, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20

Affected Products (2)

apache · cxf (up to 4.1.7)vulnerable

apache · cxf (up to 4.2.2)vulnerable

References (1)

https://lists.apache.org/thread/740ghch5z5y675cn2kzgtyo5k37n6qcw

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs