{"vulnerability": "CVE-2026-45434", "sightings": [{"uuid": "82007117-2002-4b00-a602-141807b5a711", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45434", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mm7xaheq4t2z", "content": "CVE-2026-45434: Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE", "creation_timestamp": "2026-05-19T17:49:26.849091Z"}, {"uuid": "49170e9b-f634-417f-bdfd-7232ab7cb412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45434", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116600774685376629", "content": "\ud83d\udea8 CRITICAL: CVE-2026-45434 in Apache OFBiz (pre-24.09.06) allows attackers to bypass authentication and execute code remotely. No known exploits yet, but upgrade now to 24.09.06+ for protection. https://radar.offseq.com/threat/cve-2026-45434-cwe-287-improper-authentication-in--047a8a00 #OffSeq #CVE202645434 #ApacheOFBiz #infosec", "creation_timestamp": "2026-05-19T10:30:26.898854Z"}, {"uuid": "2720ba19-9ebb-45b7-a9ad-2bf4b17172d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45434", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mm76pj6yzv2j", "content": "Apache OFBiz faces a CRITICAL auth flaw (CVE-2026-45434) pre-24.09.06. Remote code execution possible \u2014 no exploits seen yet. Upgrade to 24.09.06+ ASAP! https://radar.offseq.com/threat/cve-2026-45434-cwe-287-improper-authentication-in--047a8a00 #OffSeq #ApacheOFBiz #vuln", "creation_timestamp": "2026-05-19T10:30:29.917456Z"}, {"uuid": "320b973e-dfaa-4d39-9bbe-f5514667121d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45434", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmeezy6en42u", "content": "Apache OFBiz RCE\u306e\u8106\u5f31\u6027\u304c\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u5236\u9650\u3092\u60aa\u7528\u3057\u3066\u8a8d\u8a3c\u3092\u56de\u907f\n\nApache OFBiz\u306e\u91cd\u5927\u306a\u8a8d\u8a3c\u56de\u907f\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u653b\u6483\u8005\u306f\u5f37\u5236\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u30d5\u30ed\u30fc\u3092\u4e57\u3063\u53d6\u308a\u3001\u5358\u4e00\u306eHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u4ecb\u3057\u3066\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u3092\u9054\u6210\u3067\u304d\u307e\u3059\u300224.09.06\u3088\u308a\u524d\u306e\u3059\u3079\u3066\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u3002 CVE ID: CVE-2026-45434 CVSS 3.1\u30b9\u30b3\u30a2: 8.", "creation_timestamp": "2026-05-21T12:07:01.217545Z"}]}