IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Siemens Mendix Studio Pro

MEDIUM
CVSS 5.4
Date 2026-07-07T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-48192 5.4 medium
CVE-2026-48192. Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

// Remediations (4)

Patch: Update to V10.24.21 or later version
Update to V10.24.21 or later version
Patch: Update to V11.6.7 or later version
Update to V11.6.7 or later version
Patch: Update to V11.6.7 or later version
Update to V11.6.7 or later version
Patch: Update to V10.24.21 or later version
Update to V10.24.21 or later version

// References