{"api_version":"1","generated_at":"2026-06-30T18:51:22+00:00","cve":"CVE-2026-48192","urls":{"html":"https://cve.report/CVE-2026-48192","api":"https://cve.report/api/cve/CVE-2026-48192.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-48192","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-48192"},"summary":{"title":"CVE-2026-48192","description":"A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.\r\nThis could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.","state":"PUBLISHED","assigner":"siemens","published_at":"2026-06-30 15:16:56","updated_at":"2026-06-30 16:16:53"},"problem_types":["CWE-94","CWE-94 CWE-94: Improper Control of Generation of Code ('Code Injection')"],"metrics":[{"version":"4.0","source":"productcert@siemens.com","type":"Secondary","score":"6.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"6.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N","data":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N","version":"4.0"}},{"version":"3.1","source":"productcert@siemens.com","type":"Secondary","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","data":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-779310.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-779310.html","refsource":"productcert@siemens.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-48192","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48192","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.11","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.12","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.13","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.14","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.15","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.16","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.17","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.18","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.19","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.20","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.21","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.22","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.23","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 10.24","version":"affected V10.24.21 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.0","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.1","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.10","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.11","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.2","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.3","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.4","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.5","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.6","version":"affected V11.6.7 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.7","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.8","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Mendix Studio Pro 11.9","version":"affected * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-48192","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-30T15:05:23.824249Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-30T15:05:37.197Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.11","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.12","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.13","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.14","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.15","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.16","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.17","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.18","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.19","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.20","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.21","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.22","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.23","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 10.24","vendor":"Siemens","versions":[{"lessThan":"V10.24.21","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.0","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.1","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.10","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.11","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.2","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.3","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.4","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.5","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.6","vendor":"Siemens","versions":[{"lessThan":"V11.6.7","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.7","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.8","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Mendix Studio Pro 11.9","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.\r\nThis could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user."}],"metrics":[{"cvssV3_1":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","version":"3.1"}},{"cvssV4_0":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N","version":"4.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94: Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T14:30:59.828Z","orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-779310.html"}]}},"cveMetadata":{"assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","assignerShortName":"siemens","cveId":"CVE-2026-48192","datePublished":"2026-06-30T14:30:59.828Z","dateReserved":"2026-05-21T08:13:02.100Z","dateUpdated":"2026-06-30T15:05:37.197Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-30 15:16:56","lastModifiedDate":"2026-06-30 16:16:53","problem_types":["CWE-94","CWE-94 CWE-94: Improper Control of Generation of Code ('Code Injection')"],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1,"impactScore":4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T15:05:23.824249Z","id":"CVE-2026-48192","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"48192","Ordinal":"1","Title":"CVE-2026-48192","CVE":"CVE-2026-48192","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"48192","Ordinal":"1","NoteData":"A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.\r\nThis could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.","Type":"Description","Title":"CVE-2026-48192"}]}}}