CVE-2026-48192

Summary

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Studio Pro 10.110 < *affected
SiemensMendix Studio Pro 10.120 < *affected
SiemensMendix Studio Pro 10.130 < *affected
SiemensMendix Studio Pro 10.140 < *affected
SiemensMendix Studio Pro 10.150 < *affected
SiemensMendix Studio Pro 10.160 < *affected
SiemensMendix Studio Pro 10.170 < *affected
SiemensMendix Studio Pro 10.180 < *affected
SiemensMendix Studio Pro 10.190 < *affected
SiemensMendix Studio Pro 10.200 < *affected
SiemensMendix Studio Pro 10.210 < *affected
SiemensMendix Studio Pro 10.220 < *affected
SiemensMendix Studio Pro 10.230 < *affected
SiemensMendix Studio Pro 10.240 < V10.24.21affected
SiemensMendix Studio Pro 11.00 < *affected
SiemensMendix Studio Pro 11.10 < *affected
SiemensMendix Studio Pro 11.100 < *affected
SiemensMendix Studio Pro 11.110 < *affected
SiemensMendix Studio Pro 11.20 < *affected
SiemensMendix Studio Pro 11.30 < *affected
SiemensMendix Studio Pro 11.40 < *affected
SiemensMendix Studio Pro 11.50 < *affected
SiemensMendix Studio Pro 11.60 < V11.6.7affected
SiemensMendix Studio Pro 11.70 < *affected
SiemensMendix Studio Pro 11.80 < *affected
SiemensMendix Studio Pro 11.90 < *affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References