A vulnerability has been found in Apache CXF up to 4.1.6/4.2.1 and classified as critical . This affects the function DispatchMDBMessageListenerImpl of the component JNDI Handler . This manipulation causes injection. This vulnerability is handled as CVE-2026-50633 . The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.