{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-44417", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-05-06T14:29:28.897Z", "datePublished": "2026-05-22T12:17:25.102Z", "dateUpdated": "2026-05-23T03:55:40.449Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.cxf:cxf-rt-transports-jms", "product": "Apache CXF", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver"}, {"lessThan": "4.1.6", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"lessThan": "3.6.11", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Github / twitter - https://github.com/exploitintel / @exploit_intel"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The fix for&nbsp;CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. <br>Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue."}], "value": "The fix for\u00a0CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. \nUsers are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-05-22T12:17:25.102Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-22T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-44417"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-23T03:55:40.449Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-44417", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-22T13:04:36.934990Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-22T13:04:52.367Z"}}], "cna": {"title": "Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Github / twitter - https://github.com/exploitintel / @exploit_intel"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache CXF", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.1", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.1.6", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "3.6.11", "versionType": "semver"}], "packageName": "org.apache.cxf:cxf-rt-transports-jms", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The fix for\u00a0CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. \nUsers are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.", "supportingMedia": [{"type": "text/html", "value": "The fix for&nbsp;CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. <br>Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-05-22T12:17:25.102Z"}}}, "cveMetadata": {"cveId": "CVE-2026-44417", "state": "PUBLISHED", "dateUpdated": "2026-05-22T13:05:13.820Z", "dateReserved": "2026-05-06T14:29:28.897Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2026-05-22T12:17:25.102Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DCCE6A7-E66B-4F7B-A2DF-151A03A4E23B", "versionEndExcluding": "3.6.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "06224182-D885-40EA-8521-FBAE6B764742", "versionEndExcluding": "4.1.6", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE4A2525-330D-47B0-8DC8-9E389BE58442", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The fix for\u00a0CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. \nUsers are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue."}], "id": "CVE-2026-44417", "lastModified": "2026-05-22T19:29:21.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-05-22T13:16:22.600", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@apache.org", "type": "Secondary"}]}

{"bugzilla": {"description": "org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration", "id": "2480729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480729"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-15", "details": ["A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service (JMS) for Apache CXF, can exploit this vulnerability to achieve remote code execution (RCE). This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead to code execution."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, ensure that only trusted users have permissions to configure Java Message Service (JMS) for Apache CXF. Restrict access to configuration files and management interfaces that control JMS settings. If JMS functionality is not required, consider disabling it to remove the attack vector."}, "name": "CVE-2026-44417", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "cxf-rt-transports-jms", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "cxf-rt-transports-jms", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Out of support scope", "package_name": "cxf-rt-transports-jms", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "cxf-rt-transports-jms", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "cxf-rt-transports-jms", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Out of support scope", "package_name": "cxf-rt-transports-jms", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2026-05-22T12:17:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-44417\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-44417\nhttps://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o"], "statement": "This is an Important flaw in Apache CXF where an incomplete fix for a prior vulnerability allows remote code execution. Exploitation requires that untrusted users have permissions to configure Java Message Service (JMS) within the Apache CXF environment, which is not a default configuration in Red Hat products. Successful exploitation could lead to arbitrary code execution with the privileges of the affected service.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.2.0,4.2.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,4.1.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.6.11)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache CXF", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "cxf", "vendor": "apache"}], "created": "2026-05-22T13:30:36.216556+00:00", "updated": "2026-06-04T14:30:15.478328+00:00", "vendors": ["apache", "apache$PRODUCT$cxf"]}