CVE Catalog

CVE-2026-31986

Critical
Published: Translated: NVD NIST

Summary

Use of hard-coded cryptographic key vulnerability in Apache OFBiz. This issue affects versions before 24.09.06.

Risk Assessment

Exploitation of this vulnerability may lead to data compromise as the cryptographic key is static and easily guessable.

Recommendation

Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Original NVD description (English source)

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS