Close Menu
    Subscribe
    Alerts

    CVE-2026-46586 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    Improper Control of Generation of Code (‘Code Injection’), Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

    PUBLISHED Reserved 2026-05-15 | Published 2026-05-19 | Updated 2026-05-19 | Assigner apache

    Problem types

    CWE-94 Improper Control of Generation of Code (‘Code Injection’)

    CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)

    Product status

    Default status
    unaffected

    Any version before 24.09.06
    affected

    Credits

    lwd3c finder

    References

    lists.apache.org/thread/7mgjl81nrpxqtfcg6h5qtrx7wztbl4js vendor-advisory

    cve.org (CVE-2026-46586)

    nvd.nist.gov (CVE-2026-46586)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.