CVE-2026-31909
Exposure of Sensitive Information in Apache OFBiz
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Apache Software Foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | ofbiz | before 24.09.06 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Apache OFBiz allows unauthorized access to sensitive shipment label images, which constitutes exposure of sensitive information to unauthorized actors.
Such exposure of sensitive information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
However, the provided information does not explicitly detail the compliance implications or specific regulatory impacts of this vulnerability.
Can you explain this vulnerability to me?
This vulnerability in Apache OFBiz involves the exposure of sensitive information to an unauthorized actor. It affects versions of Apache OFBiz before 24.09.06.
The issue allows unauthorized parties to access sensitive data that should otherwise be protected.
How can this vulnerability impact me?
The impact of this vulnerability is that sensitive information could be accessed by unauthorized actors, potentially leading to data breaches or misuse of confidential data.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache OFBiz to version 24.09.06, which fixes the issue.