Server-Side Request Forgery in Apache OFBiz by Apache
CVE-2026-29226

7.3HIGH

Key Information:

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-29226?

A Server-Side Request Forgery (SSRF) vulnerability exists in Apache OFBiz that allows attackers to manipulate request handling, potentially accessing internal services that should be protected. This vulnerability affects versions of Apache OFBiz released before 24.09.06. Users are strongly encouraged to upgrade to the latest version to ensure their systems are secure and to prevent unauthorized access to sensitive data.

Affected Version(s)

Apache OFBiz 0 < 24.09.06

References

https://lists.apache.org/thread/6707wys8jxzmowxggn4cmtwwk...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Lidor B / thisis0xczar of Novee Security

Sho Odagiri of GMO Cybersecurity by Ierae, Inc.

duanjinshi@163.com

CVE-2026-29226 Data

JSON