A vulnerability, which was classified as critical , was found in Apache CXF up to 4.1.6/4.2.1 . Affected by this issue is some unknown functionality of the component JNDI . The manipulation results in injection. This vulnerability is known as CVE-2026-50632 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.