Apache OFBiz <=24.09.05 Improper Auth via Password-Change RCE
CVE-2026-45434 Published on May 19, 2026

Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE
Improper Authentication vulnerability in Apache OFBiz via a password-change logic flaw, leading to remote code execution. This issue affects Apache OFBiz versions before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Weakness Type

What is an Authentication Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2026-45434 has been classified as an authentication vulnerability or weakness.


Products Associated with CVE-2026-45434

Affected Versions

Apache Software Foundation Apache OFBiz: