CVE-2026-50634: A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was
vulnerability
security
Summary
Apache CXF's JwsJsonContainerRequestFilter has a vulnerability that allows attackers to bypass signature verification and have CXF process unauthenticated metadata (such as the Content-Type or other HTTP headers). As a result, an application might trust metadata that was not actually verified by a digital signature, potentially allowing attackers to manipulate how the application processes data.
Solution / Mitigation
Users are recommended to upgrade to Apache CXF versions 4.2.2 or 4.1.7, which fix this issue.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 12, 2026
Classification
Attack Sophistication: Moderate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50634
First tracked: June 12, 2026 at 08:08 AM
Classified by LLM (prompt v3) · confidence: 95%