CVE-2026-48192
Summary
| CVE | CVE-2026-48192 |
|---|---|
| State | PUBLISHED |
| Assigner | siemens |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-30 15:16:56 UTC |
| Updated | 2026-06-30 16:16:53 UTC |
| Description | A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user. |
Risk And Classification
Primary CVSS: v4.0 6.8 MEDIUM from [email protected]
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-94 | CWE-94 CWE-94: Improper Control of Generation of Code ('Code Injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 6.8 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/C... |
| 4.0 | CNA | DECLARED | 6.8 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N |
| 3.1 | [email protected] | Secondary | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N |
| 3.1 | CNA | DECLARED | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
HighAttack Requirements
NonePrivileges Required
HighUser Interaction
ActiveConfidentiality
NoneIntegrity
HighAvailability
NoneSub Conf.
NoneSub Integrity
HighSub Availability
NoneCVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
HighUser Interaction
RequiredScope
ChangedConfidentiality
NoneIntegrity
HighAvailability
NoneCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Siemens | Mendix Studio Pro 10.11 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.12 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.13 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.14 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.15 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.16 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.17 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.18 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.19 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.20 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.21 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.22 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.23 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 10.24 | affected V10.24.21 custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.0 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.1 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.10 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.11 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.2 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.3 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.4 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.5 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.6 | affected V11.6.7 custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.7 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.8 | affected * custom | Not specified |
| CNA | Siemens | Mendix Studio Pro 11.9 | affected * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/html/ssa-779310.html | [email protected] | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.