CVE-2026-31909
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache OFBiz before 24.09.06 allows unauthenticated attackers to access shipment label images, exposing sensitive information.
Vulnerability
Apache OFBiz versions before 24.09.06 contain an exposure of sensitive information vulnerability. The issue allows an unauthenticated actor to access shipment label images, potentially disclosing sensitive data [1].
Exploitation
Exploitation requires network access to an affected instance. No authentication is needed. An attacker can directly request the shipment label image endpoint to retrieve images without any privileges [1].
Impact
Successful exploitation results in unauthorized disclosure of shipment label images, which may contain sensitive information such as addresses, order details, or other business data. This impacts confidentiality [1].
Mitigation
Users should upgrade to Apache OFBiz version 24.09.06, which fixes the issue. No workarounds are mentioned in the available references [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References
- lists.apache.org/thread/0hpopzz1qrhkzsbt3ncofs6qo0545r2h (source: nvd; Mailing List, Vendor Advisory)
- www.openwall.com/lists/oss-security/2026/05/19/23 (source: nvd)