πŸ” CVE Alert

CVE-2026-50633

UNKNOWN 0.0

Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters.Β Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

CWE CWE-20
Vendor apache software foundation
Product apache cxf
Published Jun 12, 2026
Last Updated Jun 12, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache cxf

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache cxf are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Apache Software Foundation / Apache CXF
4.2.0 < 4.2.2 0 < 4.1.7

References

NVD β†— CVE.org β†— EPSS Data β†—
lists.apache.org: https://lists.apache.org/thread/1czhgovkgzdkyp3t61wthn0foogh2grf openwall.com: http://www.openwall.com/lists/oss-security/2026/06/11/10

Credits

Venkatraman Kumar (r3dw0lfsec), Securin