CVE-2026-31380

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06

Description Improper Neutralization of Special Elements used in an Expression Language Statement, also known as Expression Language Injection, exists in Apache OFBiz. This issue involves a FreeMarker Server-Side Template Injection (SSTI), which is a vulnerability where an attacker can inject malicious code into a template that is then executed on the server, potentially leading to unauthorized command execution.

Recommendations Upgrade to version 24.09.06.