CVE-2026-50633
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacke
CVSS
8.1
High
EPSS
0.8%
p53
KEV
—
Exploit Today
16
0-100
Published: Jun 12, 2026 · Last modified: Jul 15, 2026 · CWE-20 · CWE-502
0.8%EPSS · 30 days0.8%
2026-06-302026-07-16
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
- lists.apache.orghttps://lists.apache.org/thread/1czhgovkgzdkyp3t61wthn0foogh2grf
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2026/06/11/10
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37390
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-50633
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2488307
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50633.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-422379.8 CRI99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability8dCVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-456598.8 HIG86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability15dCVE-2026-125699.8 CRI66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2026-505229.8 CRI97.2%
——29Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.2dCVE-2025-607877.2 HIG97.0%
——29MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.13d