A vulnerability, which was classified as problematic , has been found in Apache CXF up to 4.1.6/4.2.1 . Affected by this vulnerability is an unknown functionality of the component OAuth2 . The manipulation leads to time-of-check time-of-use. This vulnerability is traded as CVE-2026-50631 . It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.