🔐 CVE Alert

CVE-2026-44417

HIGH 7.5

Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

CWE CWE-20
Vendor apache software foundation
Product apache cxf
Published May 22, 2026
Last Updated May 23, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache cxf

Be the first to know when new high vulnerabilities affecting apache software foundation apache cxf are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache CXF
4.2.0 < 4.2.1 4.0.0 < 4.1.6 0 < 3.6.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗
lists.apache.org: https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o

Credits

Github / twitter - https://github.com/exploitintel / @exploit_intel