JNDI Injection Vulnerability in Apache CXF's JCA Integration Module
CVE-2026-50633
8.1HIGH
What is CVE-2026-50633?
A JNDI Injection vulnerability has been identified in the JCA integration module of Apache CXF, enabling potential code execution if attackers gain the ability to manipulate the JCA deployment descriptor (ra.xml) or the activation parameters at runtime. Users are strongly advised to update to the latest versions 4.2.2 or 4.1.7 to mitigate this security risk and ensure secure application performance.
Affected Version(s)
Apache CXF 4.2.0 < 4.2.2
Apache CXF 0 < 4.1.7