Apache OFBiz: auth bypass to RCE, default password still ships
CVE-2026-45434 (CVSS 9.8) in Apache OFBiz chains auth bypass to Groovy RCE. Default password 'ofbiz' ships on 10+ demo accounts. Fixed in 24.09.06.
Auth Bypass
1 article tagged #auth-bypass