Lucene search
K

1068 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 9:0 a.m.21 views

CVE-2026-50632 Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

5.7AI score0.00646EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:0 a.m.36 views

CVE-2026-50632

CVE-2026-50632 : Apache CXF exposes a JNDI Injection vulnerability in the JMSConfigFactory. The issue arises when untrusted users configure JMS, potentially allowing code execution. Affected versions are addressed by upgrades to 4.2.2 or 4.1.7. The NVD/CVEs and related feeds document this as a co...

8.8CVSS5.8AI score0.00646EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:59 a.m.35 views

CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:59 a.m.8 views

CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

5.2AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:59 a.m.42 views

CVE-2026-50631

CVE-2026-50631 : A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...

7.4CVSS5.3AI score0.00294EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/12 8:58 a.m.28 views

CVE-2026-50630

The CVE-2026-50630 issue affects Apache CXF’s OAuth2 implementation, where the AuthorizationUtils class concatenates the realm parameter into the WWW-Authenticate header without sanitizing CR/LF characters. This can enable header injection or HTTP response splitting if an attacker controls the re...

6.5CVSS5.5AI score0.00404EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:58 a.m.29 views

CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:58 a.m.8 views

CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

5.4AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:57 a.m.30 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

0.0047EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:57 a.m.10 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3AI score0.0047EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:57 a.m.28 views

CVE-2026-50629

The CVE-2026-50629 issue affects Apache CXF’s OAuth2 server where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...

5.3CVSS5.4AI score0.0047EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:56 a.m.32 views

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

0.00629EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:56 a.m.5 views

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

5.2AI score0.00629EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:56 a.m.46 views

CVE-2026-50628

CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...

9.8CVSS5.3AI score0.00629EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:55 a.m.38 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:55 a.m.8 views

EUVD-2026-36395

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

5.1AI score0.00418EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:55 a.m.6 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

5.2AI score0.00418EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:55 a.m.30 views

CVE-2026-50627

The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...

9.1CVSS5.2AI score0.00418EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:54 a.m.52 views

CVE-2026-49875 Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

0.00485EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:54 a.m.16 views

EUVD-2026-36394

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

5.2AI score0.00485EPSS
Exploits0References1
Rows per page
Query Builder