CVE Catalog

CVE-2026-45434

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-45434 in Apache OFBiz has a flaw in password-change logic that can lead to remote code execution. This issue affects versions before 24.09.06.

Risk Assessment

Improper authentication may allow attackers to execute code remotely, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to upgrade to version 24.09.06, which fixes this vulnerability.

Original NVD description (English source)

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS