CVE-2026-31910

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06

Description Improper input validation in UI Factory Classes leads to Server-Side Request Forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location, and blind file access.

Recommendations Upgrade to version 24.09.06.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-31910

Affected Products

Apache Ofbiz

CVE-2026-31910

Weakness Enumeration

Related Identifiers

Affected Products

References · 4