CVE Catalog

CVE-2026-50223

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

46th percentile - higher than 46% of all known CVEs

Summary

CVE-2026-50223 in Apache OFBiz has an improper control of code generation vulnerability, allowing low-privileged authenticated users to perform template injection attacks. This could lead to Remote Code Execution.

Risk Assessment

The organization may face serious security risks, including the potential for unauthorized users to execute malicious code remotely.

Recommendation

It is recommended to upgrade to version 24.09.07, which fixes the issue.

Original NVD description (English source)

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS