PatchSiren cyber security CVE debrief
CVE-2026-47342 Apache Software Foundation CVE debrief
CVE-2026-47342 is a high-severity privilege escalation vulnerability in Apache OFBiz. The vulnerability allows a low-privileged authenticated user to obtain higher privileges. This issue affects Apache OFBiz versions before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. The CVSS score for this vulnerability is 8.8, indicating a high severity.
- Vendor: Apache Software Foundation
- Product: Apache OFBiz
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-12
Who should care
Users of Apache OFBiz, especially those whose deployments have low-privileged authenticated users, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper privilege management in Apache OFBiz. An authenticated user with low privileges can exploit this vulnerability to gain higher privileges.
Defensive priority
High
Recommended defensive actions
- Upgrade to Apache OFBiz version 24.09.07 or later.
- Review and limit the privileges of authenticated users.
Evidence notes
The CVE-2026-47342 vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-47342) and has a CVSS score of 8.8. More details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-47342).
Official resources
- CVE-2026-47342 CVE record: CVE.org
- CVE-2026-47342 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Mailing List, Vendor Advisory
- Mitigation or vendor reference: af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-47342 was published on 2026-06-10T23:16:48.507Z and modified on 2026-06-12T19:31:41.303Z.