A vulnerability was found in Apache CXF up to 4.1.6/4.2.1 . It has been classified as critical . This issue affects some unknown processing of the component Attachment Header Handler . Performing a manipulation results in improper access controls. This vulnerability was named CVE-2026-50645 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.