CVE-2026-48192
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N
Summary
A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Mendix Studio Pro 10.11 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.12 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.13 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.14 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.15 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.16 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.17 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.18 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.19 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.20 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.21 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.22 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.23 | 0 < * | affected |
| Siemens | Mendix Studio Pro 10.24 | 0 < V10.24.21 | affected |
| Siemens | Mendix Studio Pro 11.0 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.1 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.10 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.11 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.2 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.3 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.4 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.5 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.6 | 0 < V11.6.7 | affected |
| Siemens | Mendix Studio Pro 11.7 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.8 | 0 < * | affected |
| Siemens | Mendix Studio Pro 11.9 | 0 < * | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.