CVE-2026-47342

CVE-2026-47342: Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-285

Published June 10, 2026

Last update June 12, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.

Key dates

Disclosure timeline

June 10, 2026 CVE published

June 12, 2026 Record updated