CVE-2026-29207— Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache OFBiz | < 24.09.06 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-29207
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with dataTemplateTypeId = "FTL" are no longer supported. Additionally, in the updated version, the "Ecommerce Customer" security group no longer includes content management grants. Users are advised to remove these permissions from any production site as well.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1336
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache OFBiz 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache OFBiz是美国阿帕奇(Apache)基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。 Apache OFBiz 24.09.06之前版本存在安全漏洞,该漏洞源于模板引擎中特殊元素中和不当。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache OFBiz | 0 ~ 24.09.06 | - |
II. Public POCs for CVE-2026-29207
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-29207
请登录查看更多情报信息。
Mailing List Discussions for CVE-2026-29207 (1)
Same Patch Batch · Apache Software Foundation · 2026-05-19 · 20 CVEs total
| CVE-2026-31910 | Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File | |
| CVE-2026-29220 | Apache OFBiz: Low-Privilege LFI in Content Component | |
| CVE-2026-29226 | Apache OFBiz: Low-Privilege SSRF in Content Component | |
| CVE-2026-31378 | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execut | |
| CVE-2026-31379 | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File W | |
| CVE-2026-31380 | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass | |
| CVE-2026-31387 | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonati | |
| CVE-2026-31388 | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature | |
| CVE-2026-31906 | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog P | |
| CVE-2026-31909 | Apache OFBiz: Unauthenticated Shipment Label Image Disclosure | |
| CVE-2026-27173 | Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command- | |
| CVE-2026-31986 | Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injectio | |
| CVE-2026-35086 | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email s | |
| CVE-2026-41919 | Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Element | |
| CVE-2026-45187 | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users | |
| CVE-2026-45434 | Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE | |
| CVE-2026-46586 | Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy | |
| CVE-2026-47323 | Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering | |
| CVE-2026-42526 | Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS |
IV. Related Vulnerabilities
Same product: Apache OFBiz
- CVE-2026-46586
Apache OFBiz: Improper Validation in traverseContent Service - CVE-2026-45434
Apache OFBiz: Authentication Bypass via Password-Change Logi - CVE-2026-45187
Apache OFBiz: Improper Authorization in Scheduled Job Creati - CVE-2026-41919
Apache OFBiz: Authentication Bypass due to Improper Neutrali - CVE-2026-35086
Apache OFBiz: Authenticated Remote Code Execution via Unsafe
Same vendor: Apache Software Foundation
- CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS - CVE-2026-44618
Apache CXF: XXE vulnerability in WS-Transfer functionality - CVE-2026-44930
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Reposi - CVE-2026-48207
Apache Fory: PyFory ReduceSerializer Incomplete Policy Enfor - CVE-2026-45760
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Same weakness: CWE-1336
- CVE-2025-40900
Angular template injection in Reports in Guardian/CMC before - CVE-2026-8740
Sanluan PublicCMS templateResult API TemplateResultDirective - CVE-2026-41713
Prompt Injection via Memory Poisoning in PromptChatMemoryAdv - CVE-2026-44129
Server-side template injection - CVE-2026-44916
OpenStack Ironic 安全漏洞
V. Comments for CVE-2026-29207
No comments yet