CVE-2026-45434
Modified Modified - Updated After Analysis
Improper Authentication in Apache OFBiz Leading to RCE

Publication date: 2026-05-19

Last updated on: 2026-05-20

Assigner: Apache Software Foundation

Description
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-19
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2026-45434
EUVD
EUVD-2026-30877
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache ofbiz to 24.09.06 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability is an Improper Authentication flaw in Apache OFBiz that can lead to remote code execution, which poses a significant security risk.

Such a vulnerability could potentially impact compliance with standards like GDPR and HIPAA because it threatens the confidentiality, integrity, and availability of sensitive data.

However, the provided information does not explicitly describe the direct effects on compliance with these regulations.

Executive Summary

This vulnerability is an Improper Authentication flaw in Apache OFBiz related to its password-change logic. It allows an attacker to potentially execute remote code by exploiting the way password changes are handled.

Impact Analysis

The vulnerability can lead to remote code execution, which means an attacker could run arbitrary code on the affected system. This could compromise the security and integrity of your system, potentially leading to unauthorized access, data theft, or system disruption.

Mitigation Strategies

Users are recommended to upgrade Apache OFBiz to version 24.09.06, which fixes the improper authentication vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45434. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart