CVE-2026-50632
A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identi
CVSS
8.1
High
EPSS
0.6%
p47
KEV
—
Exploit Today
14
0-100
Published: Jun 12, 2026 · Last modified: Jul 15, 2026 · CWE-20 · CWE-502
0.6%EPSS · 30 days0.6%
2026-06-302026-07-17
A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
- lists.apache.orghttps://lists.apache.org/thread/740ghch5z5y675cn2kzgtyo5k37n6qcw
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37390
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-50632
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2488304
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50632.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-422379.8 CRI99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability8dCVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-456598.8 HIG86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability15dCVE-2026-586449.8 CRI70.7%
KEV—71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability19hCVE-2026-125699.8 CRI66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2026-505229.8 CRI97.2%
——29Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.2d