CVE-2026-50633

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7

Description A JNDI Injection issue exists in the JCA integration module. This occurs when an attacker can manipulate the JCA deployment descriptor ('ra.xml') or runtime activation parameters, potentially leading to remote code execution. JNDI (Java Naming and Directory Interface) is an API that allows applications to discover and look up data and objects via different naming and directory services.

Recommendations Upgrade to version 4.2.2. Upgrade to version 4.1.7.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-50633

Affected Products

Apache Cxf

CVE-2026-50633

Weakness Enumeration

Related Identifiers

Affected Products

References · 4