CVE Catalog
CVE-2026-45434
CriticalSummary
CVE-2026-45434 in Apache OFBiz has a flaw in password-change logic that can lead to remote code execution. This issue affects versions before 24.09.06.
Risk Assessment
Improper authentication may allow attackers to execute code remotely, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to upgrade to version 24.09.06, which fixes this vulnerability.
Original NVD description (English source)
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

