CVE-2026-29207

Source
https://cve.org/CVERecord?id=CVE-2026-29207
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29207.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-29207
Published
2026-05-19T09:18:18.681Z
Modified
2026-07-08T08:12:27.170102618Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Details

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.06.

Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Please note that in the updated version, "Data Resource" records with dataTemplateTypeId = "FTL" are no longer supported.

Additionally, in the updated version, the "Ecommerce Customer" security group no longer includes content management grants. Users are advised to remove these permissions from any production site as well.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29207.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-1336"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "24.09.06"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "24.09.06"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/apache/ofbiz-framework

Affected ranges

Type
GIT
Repo
https://github.com/apache/ofbiz-framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "24.09.06"
        }
    ]
}

Affected versions

release24.*
release24.09.01
release24.09.02
release24.09.03
release24.09.04
release24.09.05

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29207.json"