CVE-2026-29226 PUBLISHED

Apache OFBiz: Low-Privilege SSRF in Content Component

Assigner: apache
Reserved: 04.03.2026 Published: 19.05.2026 Updated: 19.05.2026

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations.

This issue affects Apache OFBiz: before 24.09.06.

Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache OFBiz
Versions Default: unaffected
  • affected from 0 to 24.09.06 (excl.)

Credits

  • Lidor B / thisis0xczar of Novee Security reporter
  • Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reporter
  • duanjinshi@163.com reporter

References

Problem Types

  • CWE-918 Server-Side Request Forgery (SSRF) CWE