IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SSA-779310: Arbitrary Code Execution Vulnerability in Mendix Studio Pro Before V11.12

MEDIUM
CVSS 5.4
Date 2026-06-30T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-48192 5.4 medium
CVE-2026-48192. Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

// Remediations (2)

Patch: Update to V11.6.7 or later version
Update to V11.6.7 or later version
Patch: Update to V10.24.21 or later version
Update to V10.24.21 or later version

// References