CVE-2026-48192

MEDIUM

Siemens Mendix Studio Pro 10.11 - Improper Control of Generation of Code ('Code Injection')

Description

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions).

Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-94
Status published
Products (26)
Siemens/Mendix Studio Pro 10.11
Siemens/Mendix Studio Pro 10.12
Siemens/Mendix Studio Pro 10.13
Siemens/Mendix Studio Pro 10.14
Siemens/Mendix Studio Pro 10.15
Siemens/Mendix Studio Pro 10.16
Siemens/Mendix Studio Pro 10.17
Siemens/Mendix Studio Pro 10.18
Siemens/Mendix Studio Pro 10.19
Siemens/Mendix Studio Pro 10.20
... and 16 more
Published Jun 30, 2026
Tracked Since Jun 30, 2026