CVE-2026-44417

Name: CVE-2026-44417 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-44417

HIGH

CVSS v3.1: 7.5 · EPSS: 0.0045 (35.7 percentile)

NetworkNo user interactionImproper Input ValidationVendor advisory ref

Source data as of: 2026-06-30 05:13:05 UTC

At a glance

Severity: HIGH
CVSS: 7.5 v3.1 · NVD
EPSS: 0.0045 (35.7 percentile) · FIRST.org
CISA KEV: No
Type: Improper Input Validation · NVD CWE
Attack conditions (CVSS vector): NetworkNo user interaction · Source: NVD Vector
Affected vendors: apache
Published: 2026-05-22 · Modified: 2026-06-30
References: Jump to references (4)

CVSS / EPSS / KEV

CVSS v3.1 7.5 / 10 HIGH Source: NVD

EPSS 0.0045 35.7 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Record details

CVE ID: CVE-2026-44417
CVSS (v3.1): 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability subscore: 1.6
Impact subscore: 5.9
EPSS: 0.0045 (35.7 percentile) — 2026-06-30
CISA KEV: No
Weakness (CWE): CWE-20, CWE-15
Affected vendors: apache
Affected configurations (CPE): 3
Published: 2026-05-22
Modified: 2026-06-30
Status: Modified
GitHub Advisory: GHSA-2hvc-5c6v-f533

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2026-44417

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year