CVE-2026-50629
Status: Received - Intake
OAuth2 Server Log Injection via clientId Parameter

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: Apache Software Foundation

Description
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
Affected Vendors & Products
Showing 2 associated CPEs:
  • Vendor: apache, Product: cxf, Version range: up to 4.2.2 (excluding)
  • Vendor: apache, Product: cxf, Version range: up to 4.1.7 (excluding)
CWE
CWE-93: The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Executive Summary

The vulnerability CVE-2026-50629 affects Apache CXF's OAuth2 implementation. It occurs because the 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters.

This lack of sanitization allows an attacker to inject arbitrary content, including fake log entries, into the server's log files.

The issue is fixed in Apache CXF versions 4.2.2 and 4.1.7.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject arbitrary and potentially misleading content into your server's log files.

Such log injection can lead to confusion during log analysis, hide malicious activities, or create fake log entries that misrepresent system events.

This can hinder incident response, auditing, and forensic investigations.

Detection Guidance

This vulnerability involves log injection via the 'clientId' parameter in HTTP requests to the OAuth2 server. Detection can focus on examining server log files for suspicious or malformed entries that may indicate injected content or fake log entries.

You can search your OAuth2 server logs for unusual control characters or unexpected log entries that do not correspond to legitimate client IDs.

  • Use grep or similar tools to find suspicious entries in log files, for example: grep -P '[\x00-\x1F\x7F]' /path/to/oauth2/server/logs
  • Search for repeated or suspicious 'clientId' values that contain control characters or unexpected formatting.

Additionally, monitoring incoming HTTP requests for unusual 'clientId' parameter values may help detect exploitation attempts.
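An added detection example, not from the advisory or the Apache CXF project: a Python script applying the checks above to constructed log lines. The record prefix, the message shape "Client ID '...' is not registered" and the clientId allow-list are assumptions to adjust to the log format of your own deployment.

```python
import re

# Record layout assumed for this example: "<ISO-8601 timestamp> <LEVEL> <message>".
# Adjust RECORD_PREFIX to the log pattern your CXF deployment actually uses.
RECORD_PREFIX = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\S* (TRACE|DEBUG|INFO|WARN|ERROR) ")
# C0 control characters and DEL, as in the grep pattern above, minus the line
# feed that splitlines() has already consumed.
CONTROL_CHARS = re.compile(r"[\x00-\x09\x0b-\x1f\x7f]")
# Assumed message shape for the warning; the quoted value is the clientId.
CLIENT_ID_FIELD = re.compile(r"Client ID '([^']*)'")
# What a legitimate clientId may look like (assumption; tune per deployment).
SAFE_CLIENT_ID = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def find_suspicious_lines(log_text):
    """Return (line_no, reason, line) for every line that deserves a second look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if CONTROL_CHARS.search(line):
            findings.append((n, "control-character", line))
        elif not RECORD_PREFIX.match(line):
            # No record prefix: this line continues the previous record. Stack
            # traces do this legitimately, but so does a field value that was
            # written through a line break, leaving the record's tail orphaned.
            findings.append((n, "no-record-prefix", line))
        elif "Client ID" in line:
            m = CLIENT_ID_FIELD.search(line)
            if m is None:
                # Opening quote without a closing one: the value did not end here.
                findings.append((n, "unterminated-clientId", line))
            elif not SAFE_CLIENT_ID.match(m.group(1)):
                findings.append((n, "unexpected-clientId", line))
    return findings


# Constructed sample: two clean records, one value carrying a BEL character, one
# value carrying CRLF so that a fabricated INFO record lands on its own line,
# and one value with a space that the allow-list rejects.
SAMPLE_LOG = (
    "2026-06-12T10:00:01Z INFO Server started\n"
    "2026-06-12T10:00:05Z WARN Client ID 'legit-app-01' is not registered\n"
    "2026-06-12T10:00:09Z WARN Client ID 'bad\x07id' is not registered\n"
    "2026-06-12T10:00:12Z WARN Client ID 'x\r\n"
    "2026-06-12T10:00:12Z INFO Token revoked for client 'x'\r\n"
    "' is not registered\n"
    "2026-06-12T10:00:15Z WARN Client ID 'good app' is not registered\n"
)

if __name__ == "__main__":
    for n, reason, line in find_suspicious_lines(SAMPLE_LOG):
        print(f"line {n}: {reason}: {line!r}")
```

The fabricated record itself passes every check; it is the unterminated quote before it and the orphaned tail after it that expose it, so review flagged lines together with their neighbours.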

Mitigation Strategies

The primary mitigation step is to upgrade the Apache CXF OAuth2 implementation to version 4.2.2 or 4.1.7, where this log injection vulnerability has been fixed.

Until the upgrade can be applied, consider implementing input validation or sanitization on the 'clientId' parameter to prevent control characters from being logged.

Review and monitor server logs for suspicious entries to detect potential exploitation attempts.

Compliance Impact

The vulnerability allows attackers to inject arbitrary content, including fake log entries, into the server's log files by exploiting unsanitized 'clientId' parameters in OAuth2 server logs.

Such log injection can undermine the integrity and reliability of log data, which is critical for auditing, monitoring, and forensic investigations required by compliance standards like GDPR and HIPAA.

Compromised logs may hinder an organization's ability to detect and respond to security incidents, potentially leading to non-compliance with regulatory requirements for data protection and incident reporting.

Therefore, this vulnerability could negatively impact compliance with common standards and regulations that mandate accurate and trustworthy logging practices.
