Apache developers have closed multiple security vulnerabilities, some of them critical, in the enterprise software OFBiz.

Attackers can exploit weaknesses in Apache OFBiz to compromise PCs. In a current version, developers have now closed several security vulnerabilities.

Various threats

With OFBiz, you can organize and automate complex business processes. According to the security section of the Apache OFBiz website [1], the developers have closed a total of 17 vulnerabilities in version 24.09.06. So far, there are no indications of attacks.

A vulnerability rated “critical” (CVE-2026-31986) is considered particularly dangerous. Here, attackers can gain access to instances because of a hardcoded cryptographic key. Attackers can also execute malicious code remotely (such as CVE-2026-45434, rated “high”).

To protect systems from potential attacks, administrators must install the patched version promptly.

(des)

URL of this article: https://www.heise.de/-11300620

Links in this article:
[1] https://ofbiz.apache.org/security.html

Copyright © 2026 Heise Medien
heise security News