
Apache OFBiz Flaw Exploited for Auth Bypass and RCE Attacks
A critical authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2026-45434, has been publicly disclosed. The flaw allows attackers to bypass forced password-change restrictions and achieve full remote code execution (RCE) on unpatched servers. Disclosed on May 19–20, 2026, and assigned a CVSS 3.1 score of 9.8 (Critical), it affects all Apache OFBiz versions before 24.09.06 across both […]
The post Apache OFBiz Flaw Exploited for Auth Bypass and RCE Attacks appeared first on Cyber Security News.