A vulnerability classified as problematic has been found in Apache CXF up to 4.1.6/4.2.1 . This impacts an unknown function of the component OAuth2 . Performing a manipulation results in improper output neutralization for logs. This vulnerability is reported as CVE-2026-50629 . The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.