What is GHSA-2hvc-5c6v-f533?

GHSA-2hvc-5c6v-f533 is a security advisory published by GitHub Security Advisories with High severity. The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not...

Which CVE IDs does GHSA-2hvc-5c6v-f533 cover?

GHSA-2hvc-5c6v-f533 covers the following CVE IDs: CVE-2026-44417. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2hvc-5c6v-f533?

GHSA-2hvc-5c6v-f533 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-2hvc-5c6v-f533HighCVSS 7.5

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-44417 →

📋 Description

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-44417
https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o
https://github.com/advisories/GHSA-2hvc-5c6v-f533