A vulnerability classified as critical has been found in Apache OFBiz up to 24.09.05 . The affected element is an unknown function of the component Expression Language Statement Handler . The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is documented as CVE-2026-31380 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.