A vulnerability was found in Apache CXF up to 4.1.6/4.2.1 and classified as critical . This vulnerability affects unknown code of the component WS JSON Request Filter . Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2026-50634 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.