PT-2026-48854 · Apache · Apache CXF
Published 2026-06-12 · Updated 2026-06-12
CVE-2026-50645
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache CXF versions prior to 4.1.7
Apache CXF versions prior to 4.2.2
Description
Apache CXF does not limit the number of attachment headers a message can contain during deserialization. This can lead to uncontrolled resource consumption, potentially resulting in a denial of service.
Recommendations
Upgrade to version 4.1.7.
Upgrade to version 4.2.2.
Fix
DoS
Resource Exhaustion
Affected Products
Apache CXF