CVE-2022-46363
apache / cxf
Description
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
Scoring
| CVSS | 7.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| EPSS | 1.19% probability of exploitation · percentile 64.0% · 2026-06-18T12:00:27Z |
| Last modified | 2026-06-17 |