CVE-2026-50223
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk46th percentile - higher than 46% of all known CVEs
Summary
CVE-2026-50223 in Apache OFBiz has an improper control of code generation vulnerability, allowing low-privileged authenticated users to perform template injection attacks. This could lead to Remote Code Execution.
Risk Assessment
The organization may face serious security risks, including the potential for unauthorized users to execute malicious code remotely.
Recommendation
It is recommended to upgrade to version 24.09.07, which fixes the issue.
Original NVD description (English source)
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.

