Resource exhaustion in Apache CXF - CVE-2026-50645
Published: July 2, 2026
Apache CXF
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because Apache CXF does not restrict the number of attachment headers that a message can contain when it is deserialized. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
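The missing control described above is a bound on the attachment header block. The following added example is not Apache CXF code and is not taken from the advisory; it shows a header reader for one MIME part that fails closed once a limit is exceeded. The class name BoundedAttachmentHeaders and the limits MAX_HEADERS and MAX_LINE_CHARS are hypothetical.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
// Added illustration, not Apache CXF code; the class name and both limits are hypothetical.
public class BoundedAttachmentHeaders {
    static final int MAX_HEADERS = 64;       // assumed cap on header lines per attachment
    static final int MAX_LINE_CHARS = 8192;  // assumed cap on a single header line

    // Reads one line without ever buffering more than MAX_LINE_CHARS characters.
    static String readLine(Reader in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            if (sb.length() >= MAX_LINE_CHARS) throw new IOException("attachment header line too long");
            if (c != '\r') sb.append((char) c);
        }
        return (c == -1 && sb.length() == 0) ? null : sb.toString();
    }

    // Parses one part's header block up to the blank line; folded continuation lines are rejected.
    static Map<String, List<String>> readHeaders(Reader in) throws IOException {
        Map<String, List<String>> headers = new LinkedHashMap<>();
        int count = 0;
        for (String line; (line = readLine(in)) != null && !line.isEmpty(); ) {
            if (++count > MAX_HEADERS) throw new IOException("too many attachment headers");
            int colon = line.indexOf(':');
            if (colon <= 0 || Character.isWhitespace(line.charAt(0))) throw new IOException("malformed attachment header");
            String name = line.substring(0, colon).trim().toLowerCase(Locale.ROOT);
            headers.computeIfAbsent(name, k -> new ArrayList<>()).add(line.substring(colon + 1).trim());
        }
        return headers;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: an ordinary part, then a part with one header over the cap.
        String normal = "Content-Type: application/octet-stream\r\nContent-ID: <a1@example.test>\r\n\r\nbody";
        System.out.println(readHeaders(new StringReader(normal)));
        StringBuilder big = new StringBuilder();
        for (int i = 0; i <= MAX_HEADERS; i++) big.append("X-Pad-").append(i).append(": v\r\n");
        try {
            readHeaders(new StringReader(big.append("\r\n").toString()));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The count is checked before each header is stored, so memory use per attachment stays bounded by MAX_HEADERS times MAX_LINE_CHARS regardless of what the sender transmits.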