Critical severity 9.8 · NVD Advisory · Published May 19, 2026 · Updated May 20, 2026
CVE-2026-45434
Description
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
References
- lists.apache.org/thread/yw4owrzl0yho1yx7oqxvr6xjkmln9tq8 (nvd; Mailing List, Vendor Advisory)
- www.openwall.com/lists/oss-security/2026/05/19/29 (nvd)
News mentions
- ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos (The Hacker News · May 25, 2026)
- Apache OFBiz: 17 CVEs Disclosed in Single Advisory — Three Critical, Patch Now (Vypr Intelligence · May 19, 2026)