โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-50645
CVE-2026-50645 โ€” There is no restriction on the amount of attachment headers that a message can c
๐Ÿ“… 2026-06-12
๐ŸŸ  High ๐Ÿ”ฅ No NVD DDoS Web CVSS 7.5

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack.ย Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by imposing a maximum default of 500 attachments per message.

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Apache HTTP Server

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

DDoS

๐Ÿ”— CVE ID

CVE-2026-50645

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

NVD

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Update to v4.2.2

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†