Apache · Apache OFBiz · CVE-2026-46586
**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 24.09.06
**Description**
Improper Control of Generation of Code (Code Injection) and Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) in the 'traverseContent' service allow an authenticated user to execute Groovy code.
**Recommendations**
Upgrade to version 24.09.06.