1078 matches found
CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...
CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...
CVE-2026-50632
CVE-2026-50632 : Apache CXF exposes a JNDI Injection vulnerability in the JMSConfigFactory. The issue arises when untrusted users configure JMS, potentially allowing code execution. Affected versions are addressed by upgrades to 4.2.2 or 4.1.7. The NVD/CVEs and related feeds document this as a co...
CVE-2026-50632 Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
CVE-2026-50632 Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
EUVD-2026-36400
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
CVE-2026-50632 Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
CVE-2026-50631
CVE-2026-50631 : A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...
CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...
CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...
CVE-2026-50630
The CVE-2026-50630 issue affects Apache CXF’s OAuth2 implementation, where the AuthorizationUtils class concatenates the realm parameter into the WWW-Authenticate header without sanitizing CR/LF characters. This can enable header injection or HTTP response splitting if an attacker controls the re...
CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...
CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...
CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...
CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...
CVE-2026-50629
The CVE-2026-50629 issue affects Apache CXF’s OAuth2 server where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...
CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control
A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...