IM
IronMonkey Threat Research

CVE-2026-48192 MEDIUM

Published: 2026-06-30 | Last Modified: 2026-07-02 | Status: Deferred

Description

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

CVSS Metrics

Base Score: 5.4 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredHIGH
User InteractionREQUIRED
ScopeCHANGED
Confidentiality ImpactNONE
Integrity ImpactHIGH
Availability ImpactNONE

Source: [email protected]

Type: Secondary

Exploitability Score: 1.0

Impact Score: 4.0

Base Score: 6.8 (MEDIUM)

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityHIGH
Attack RequirementsNONE
Privileges RequiredHIGH
User InteractionACTIVE
Vulnerability ConfidentialityNONE
Vulnerability IntegrityHIGH
Vulnerability AvailabilityNONE
Subsequent ConfidentialityNONE
Subsequent IntegrityHIGH
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-94
Notification
Message here