CVE-2026-46586
published 2026-05-19CVE-2026-46586: Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | < 24.09.06 | 24.09.06 |
| apache_software_foundation | apache_ofbiz | < 24.09.06 | 24.09.06 |