A vulnerability marked as critical has been reported in Apache CXF up to 4.1.6/4.2.1 . The impacted element is an unknown function of the component OAuth2 . This manipulation causes improper access controls. This vulnerability is registered as CVE-2026-50627 . Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.