Remote Code Execution in Apache CXF Due to Incomplete Fix
CVE-2026-50632
8.1HIGH
What is CVE-2026-50632?
An issue has been identified in Apache CXF where an incomplete fix for a previous advisory has been revealed. The vulnerability arises from untrusted configurations of JMS which can lead to potential remote code execution. If untrusted users are permitted to configure JMS settings, they may exploit this flaw, allowing them to execute arbitrary code. It is strongly recommended that users upgrade to versions 4.2.2 or 4.1.7 to mitigate this risk.
Affected Version(s)
Apache CXF 4.2.0 < 4.2.2
Apache CXF 0 < 4.1.7