CVE-2026-50633

Gravedad:

Pendiente de análisis

Tipo:

CWE-20 Validación incorrecta de entrada

Fecha de publicación:

12/06/2026

Última modificación:

12/06/2026

Descripción

*** Pendiente de traducción *** A JNDI Injection vulnerability has been discovered in Apache CXF&#39;s JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

Impacto

Referencias a soluciones, herramientas e información

https://lists.apache.org/thread/1czhgovkgzdkyp3t61wthn0foogh2grf
http://www.openwall.com/lists/oss-security/2026/06/11/10