CVE-2026-50645 | Apache CXF up to 4.1.6/4.2.1 Attachment Header access control

June 11, 2026 Yanac

A vulnerability was found in Apache CXF up to 4.1.6/4.2.1. It has been classified as critical. This issue affects some unknown processing of the component Attachment Header Handler. Performing a manipulation results in improper access controls.

This vulnerability was named CVE-2026-50645. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More