QSearchQSearch

CVE-2026-50628

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests fr...

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CWE
CWE-20

Description

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-45013 ApostropheCMS is an open-source Node.js content management system (8.1 HIGH)
  • CVE-2026-54133 jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
  • CVE-2026-47196 Quest Bot is an opensource Discord Bot
  • CVE-2026-50633 A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an atta... (8.1 HIGH)
  • CVE-2026-50632 A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been ide... (8.1 HIGH)