COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-50628

CVE-2026-50628

Severity
critical
Source
NVD · cve
Published
2026-06-12
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-50628
shame 35/100

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to v

Players implicated

apache · vendorcxf · product

Description

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.