Vulnerability Details CVE-2026-50634
A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption
that accepted `Content-Type` or protected HTTP-header metadata came from a verified signature entry, and may steer downstream JAX-RS entity parsing or signed-header consistency checks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.0%
CVSS Severity
CVSS v3 Score 6.5