CVE-2026-48192 | A vulnerability has been identified in Mendix Studio Pro 10.… | CVSS 5.4 MEDIUM

Description

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

Metadata

CVE ID: CVE-2026-48192
State: PUBLISHED
Assigner: siemens
Reserved: 2026-05-21 08:13 UTC
Published: 2026-06-30 14:30 UTC
Last updated: 2026-06-30 15:05 UTC
Primary CWE: CWE-94
CWE-94: Improper Control of Generation of Code ('Code Inject…
Vendor / Product: Siemens / Mendix Studio Pro 10.11
Sources: cve.org · NVD

Severity & Metrics

5.4 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (26)

Vendor	Product	Platform	Versions
Siemens	Mendix Studio Pro 10.11	—	0 < *
Siemens	Mendix Studio Pro 10.12	—	0 < *
Siemens	Mendix Studio Pro 10.13	—	0 < *
Siemens	Mendix Studio Pro 10.14	—	0 < *
Siemens	Mendix Studio Pro 10.15	—	0 < *
Siemens	Mendix Studio Pro 10.16	—	0 < *
Siemens	Mendix Studio Pro 10.17	—	0 < *
Siemens	Mendix Studio Pro 10.18	—	0 < *
Siemens	Mendix Studio Pro 10.19	—	0 < *
Siemens	Mendix Studio Pro 10.20	—	0 < *
Siemens	Mendix Studio Pro 10.21	—	0 < *
Siemens	Mendix Studio Pro 10.22	—	0 < *
Siemens	Mendix Studio Pro 10.23	—	0 < *
Siemens	Mendix Studio Pro 10.24	—	0 < V10.24.21
Siemens	Mendix Studio Pro 11.0	—	0 < *
Siemens	Mendix Studio Pro 11.1	—	0 < *
Siemens	Mendix Studio Pro 11.10	—	0 < *
Siemens	Mendix Studio Pro 11.11	—	0 < *
Siemens	Mendix Studio Pro 11.2	—	0 < *
Siemens	Mendix Studio Pro 11.3	—	0 < *
Siemens	Mendix Studio Pro 11.4	—	0 < *
Siemens	Mendix Studio Pro 11.5	—	0 < *
Siemens	Mendix Studio Pro 11.6	—	0 < V11.6.7
Siemens	Mendix Studio Pro 11.7	—	0 < *
Siemens	Mendix Studio Pro 11.8	—	0 < *
Siemens	Mendix Studio Pro 11.9	—	0 < *

Weakness (CWE)

CWE	Source	Description
CWE-94	cna	CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.8	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
5.4	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-779310.html