vulnerability

Apache OFBiz: CVE-2026-31986: Use of hard-coded cryptographic key vulnerability.

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:N)	May 19, 2026	May 20, 2026	May 20, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:N)

Published

May 19, 2026

Added

May 20, 2026

Modified

May 20, 2026

Description

Use of hard-coded cryptographic key vulnerability in apache ofbiz. this issue affects apache ofbiz: before 24.09.06. users are recommended to upgrade to version 24.09.06, which fixes the issue.

Solution

apache-ofbiz-upgrade-latest

References

CWE-321
CVE-2026-31986
https://attackerkb.com/topics/CVE-2026-31986
https://lists.apache.org/thread/2hl9xoqm8tq8b22x6vnmtp7tg3opcqgc
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-30873

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report