A vulnerability identified as critical has been detected in Apache CXF up to 3.6.10/4.1.5/4.2.0 . The impacted element is an unknown function of the component JMS Configuration Handler . This manipulation causes improper input validation. This vulnerability is registered as CVE-2026-44417 . Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.