MEDIUM
Apache Software Foundation
CVE published 2026-05-19
CVE-2026-31380
CVE-2026-31380 is an Expression Language Injection vulnerability in Apache OFBiz affecting versions before 24.09.06. The advisory recommends upgrading to 24.09.06, which fixes the flaw. Because expression-language weaknesses can allow attacker-controlled input to be interpreted in server-side expression contexts, affected deployments should treat this as a priority security update.