{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-44417","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2026-05-06T14:29:28.897Z","datePublished":"2026-05-22T12:17:25.102Z","dateUpdated":"2026-07-10T12:06:03.511Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://repo.maven.apache.org/maven2","defaultStatus":"unaffected","packageName":"org.apache.cxf:cxf-rt-transports-jms","product":"Apache CXF","vendor":"Apache Software Foundation","versions":[{"lessThan":"4.2.1","status":"affected","version":"4.2.0","versionType":"semver"},{"lessThan":"4.1.6","status":"affected","version":"4.0.0","versionType":"semver"},{"lessThan":"3.6.11","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Github / twitter - https://github.com/exploitintel / @exploit_intel"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The fix for&nbsp;CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. <br>Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue."}],"value":"The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. \nUsers are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue."}],"metrics":[{"other":{"content":{"text":"moderate"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2026-05-22T12:17:25.102Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o"}],"source":{"discovery":"UNKNOWN"},"title":"Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-05-22T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-44417"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-23T03:55:40.449Z"}},{"affected":[{"cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"affected","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"],"defaultStatus":"affected","product":"Red Hat JBoss Enterprise Application Platform 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"],"defaultStatus":"affected","product":"Red Hat JBoss Enterprise Application Platform 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"],"defaultStatus":"affected","product":"Red Hat Single Sign-On 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"}],"datePublic":"2026-05-22T12:17:25.102Z","descriptions":[{"lang":"en","value":"A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service (JMS) for Apache CXF, can exploit this vulnerability to achieve remote code execution (RCE). This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead to code execution."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-15","description":"External Control of System or Configuration Setting","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-44417"},{"name":"RHBZ#2480729","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480729"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44417.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:37390"}],"solutions":[{"lang":"en","value":"RHSA-2026:37390: Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16"}],"timeline":[{"lang":"en","time":"2026-05-22T13:00:55.251Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-22T12:17:25.102Z","value":"Made public."}],"title":"org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration","workarounds":[{"lang":"en","value":"To mitigate this issue, ensure that only trusted users have permissions to configure Java Message Service (JMS) for Apache CXF. Restrict access to configuration files and management interfaces that control JMS settings. If JMS functionality is not required, consider disabling it to remove the attack vector."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-10T12:06:03.511Z"}}]}}