Apache CXF Framework Patches Three Severe Security Flaws
ID: 1ecd3a5b-735e-5aa0-9a7c-491b47ff94b8
STIX ID: report--1ecd3a5b-735e-5aa0-9a7c-491b47ff94b8
Feed Name: securityonline.info
The advisory reports multiple critical vulnerabilities in Apache CXF affecting several branches: an LDAP injection in the XKMS certificate repository, an XML External Entity (XXE) flaw in WS-Transfer, and an incomplete fix enabling a remote code execution path via JMS (CVE-2026-44417). It recommends immediate upgrades to versions 4.2.1, 4.1.6, or 3.6.11 to mitigate these risks.
