Skip to main content

Mendix Studio Pro 11 1

1 CVEs product

Monthly

CVE-2026-48192 MEDIUM CISA This Month

Code injection via malicious project files in Mendix Studio Pro 10.11 through 11.11 allows arbitrary code execution on a developer's workstation when a victim opens and runs a specially crafted project through the build pipeline. Siemens' own ProductCERT (SSA-779310) reported this flaw, classifying it under CWE-94, with patches available only for the 10.24 and 11.6 long-term support lines. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the breadth of affected versions - spanning the entire 10.x and 11.x release trees - means most active Mendix developer environments are exposed.

Code Injection RCE Mendix Studio Pro 10 11 Mendix Studio Pro 10 12 Mendix Studio Pro 10 13 +23
NVD VulDB
CVSS 4.0
6.8
EPSS
0.2%
EPSS 0% CVSS 6.8
MEDIUM This Month

Code injection via malicious project files in Mendix Studio Pro 10.11 through 11.11 allows arbitrary code execution on a developer's workstation when a victim opens and runs a specially crafted project through the build pipeline. Siemens' own ProductCERT (SSA-779310) reported this flaw, classifying it under CWE-94, with patches available only for the 10.24 and 11.6 long-term support lines. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the breadth of affected versions - spanning the entire 10.x and 11.x release trees - means most active Mendix developer environments are exposed.

Code Injection RCE Mendix Studio Pro 10 11 +25
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy