PT-2026-48853 · Apache · Apache Cxf
Published: 2026-06-12 · Updated: 2026-06-12 · CVE-2026-50634
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache CXF versions prior to 4.2.2
Apache CXF versions prior to 4.1.7
Description
An issue in the JwsJsonContainerRequestFilter allows the processing of metadata that was not authenticated by the accepted signature. This can bypass assumptions that protected HTTP-header metadata or the Content-Type originated from a verified signature entry, potentially influencing signed-header consistency checks or downstream JAX-RS entity parsing.
Recommendations
Upgrade to version 4.2.2.
Upgrade to version 4.1.7.
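The weakness class from the description, shown on a JWS in JSON serialization (RFC 7515, section 7.2) as an added example. It is not Apache CXF code and does not reproduce the filter's implementation. The HS256 keys, the `cty` values, the function names and the sample object are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(key: bytes, protected_b64: str, payload_b64: str) -> bytes:
    # JWS signing input: BASE64URL(protected) "." BASE64URL(payload)
    return hmac.new(key, f"{protected_b64}.{payload_b64}".encode(), hashlib.sha256).digest()

def sign_entry(key: bytes, header: dict, payload_b64: str) -> dict:
    protected_b64 = b64u(json.dumps(header).encode())
    return {"protected": protected_b64, "signature": b64u(hs256(key, protected_b64, payload_b64))}

def entry_verifies(entry: dict, payload_b64: str, key: bytes) -> bool:
    try:
        header = json.loads(b64u_dec(entry["protected"]))
        sig = b64u_dec(entry["signature"])
    except (KeyError, TypeError, ValueError):
        return False  # malformed entry never counts as verified
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    return hmac.compare_digest(hs256(key, entry["protected"], payload_b64), sig)

def header_first_entry(jws: dict, key: bytes) -> dict:
    # Weak pattern: any entry may satisfy verification, but metadata is read from entry 0.
    if not any(entry_verifies(e, jws["payload"], key) for e in jws["signatures"]):
        raise ValueError("no signature entry verified")
    return json.loads(b64u_dec(jws["signatures"][0]["protected"]))

def header_verified_entry(jws: dict, key: bytes) -> dict:
    # Hardened pattern: metadata comes only from the entry whose signature verified.
    for entry in jws["signatures"]:
        if entry_verifies(entry, jws["payload"], key):
            return json.loads(b64u_dec(entry["protected"]))
    raise ValueError("no signature entry verified")

# Constructed sample: one entry under a key the receiver does not trust, one under the trusted key.
TRUSTED_KEY, OTHER_KEY = b"receiver-trusted-key", b"some-other-key"
PAYLOAD = b64u(b'{"amount":10}')
SAMPLE_JWS = {"payload": PAYLOAD, "signatures": [
    sign_entry(OTHER_KEY, {"alg": "HS256", "cty": "application/xml"}, PAYLOAD),
    sign_entry(TRUSTED_KEY, {"alg": "HS256", "cty": "application/json"}, PAYLOAD),
]}
```

With the sample object, the weak pattern hands downstream parsing a `cty` that the trusted key never signed, while the hardened pattern returns only the header bound to the verified entry.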
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Apache Cxf