Apache OFBiz <24.09.06 Improper Access Control in Multi-tenant Deployments
CVE-2026-31388 Published on May 19, 2026

Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature
Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Vendor Advisory NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-31388 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2026-31388

Want to know whenever a new CVE is published for Apache OFBiz? stack.watch will email you.

Apache OFBiz

Affected Versions

Apache Software Foundation Apache OFBiz:

Before 24.09.06 is affected.

Apache OFBiz <24.09.06 Improper Access Control in Multi-tenant DeploymentsCVE-2026-31388 Published on May 19, 2026

Weakness Type

What is an Authorization Vulnerability?

Products Associated with CVE-2026-31388

Affected Versions

Apache OFBiz <24.09.06 Improper Access Control in Multi-tenant Deployments
CVE-2026-31388 Published on May 19, 2026