QSearchQSearch

CVE-2026-50223

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with C...

Published: 2026-06-10 · Last updated: 2026-06-10

Severity and scoring

CWE
CWE-94

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-45558 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (9.9 CRITICAL)
  • CVE-2026-46517 LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
  • CVE-2026-46432 LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
  • CVE-2026-47292 Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally (7.8 HIGH)
  • CVE-2026-45583 Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code ov... (7.5 HIGH)