HIGHCVE-2026-29226Published 2026-05-19Modified 2026-05-19CNA apache

CVE-2026-29226: Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

CVSS v3.1: 7.3
Severity: HIGH
Fixed in: 24.09.06
Affected Products: 1

Fix available

24.09.06

Affected packages

Apache Software Foundation / Apache OFBiz
< 24.09.06 (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

lists.apache.org

Metrics

Fix available