Vulnerability Details CVE-2026-50223
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution.
This issue affects Apache OFBiz: before 24.09.07.
Users are recommended to upgrade to version 24.09.07, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v3 Score 8.8