Apache · Apache Ofbiz · CVE-2026-31910
**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 24.09.06
**Description**
Improper input validation in UI Factory Classes leads to Server-Side Request Forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location, and blind file access.
**Recommendations**
Upgrade to version 24.09.06.