CVE-2026-35086
Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
Apache Software Foundation · Apache OFBizWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →