CVE-2026-47342 PUBLISHED

Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

Assigner: apache
Reserved: 19.05.2026 Published: 10.06.2026 Updated: 10.06.2026

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges.

This issue affects Apache OFBiz: before 24.09.07.

Users are recommended to upgrade to version 24.09.07, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache OFBiz
Versions Default: unaffected
  • affected from 0 to 24.09.07 (excl.)

Credits

  • Le Huynh Duc (lwd3c) finder

Problem Types

  • CWE-285 Improper Authorization