A vulnerability has been found in Apache OFBiz up to 24.09.05 and classified as critical . Affected is an unknown function of the component Email Service . Performing a manipulation results in code injection. This vulnerability is known as CVE-2026-35086 . Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.