16 matches found
CVE-2026-44417
A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service (JMS) for Apache CXF, can exploit this vulnerability to achieve remote code execution (RCE). This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...
Apache CXF < 3.6.11 / 4.0.x < 4.1.6 / 4.2.x < 4.2.1 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is affected by multiple vulnerabilities: - The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use...
CVE-2026-44417
The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...
PT-2026-42753
The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
Security Bulletin: JMS messaging configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-36124)
Summary IBM WebSphere Application Server Liberty is vulnerable to JMS messaging configuration attack which can affect IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3...
Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.
Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36124) affects IBM PowerVM Novalink.
Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...
EUVD-2025-23982
Malicious code in bioql PyPI...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
Remote Code Execution (RCE)
org.apache.cxf:cxf-rt-transports-jms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to allowing untrusted users to configure JMS with RMI or LDAP URLs, which could be abused for code execution...
IBM WebSphere Application Server Liberty Security Vulnerability
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines (IBM) built on top of the Open Liberty project. A security vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.8, which stems from a failure to...
GHSA-G4PX-6QHM-HQJM Apache CXF: Untrusted JMS configuration can lead to RCE
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
CVE-2025-48913
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
CVE-2025-48913
CVE-2025-48913 affects Apache CXF where untrusted users configuring JMS could exploit RMI/LDAP URLs to achieve code execution. The issue arises from CXF JMS configuration allowing unsafe protocols; the interface now rejects those protocols to remove the possibility of remote code execution. Publi...
Apache CXF Security Vulnerability
Apache CXF is an open source Web services framework from the US Apache Foundation. The framework supports a variety of Web service standards, a variety of front-end programming APIs, and so on. A security vulnerability exists in Apache CXF that stems from allowing the use of RMI or LDAP UR...