CVE-2026-35086

medium Apache
EPSS Score
0.0%
Exploitation probability in 30 days
Top 92% most likely to be exploited
Published: May 19, 2026 (51 days ago)
Last Modified: May 20, 2026
Vendor: Apache
Source: MITRE

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

CWE

CWE-94

Affected Products

Apache Software Foundation Apache OFBiz

References