A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.
History

Wed, 01 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens mendix Studio Pro 10.11
Siemens mendix Studio Pro 10.12
Siemens mendix Studio Pro 10.13
Siemens mendix Studio Pro 10.14
Siemens mendix Studio Pro 10.15
Siemens mendix Studio Pro 10.16
Siemens mendix Studio Pro 10.17
Siemens mendix Studio Pro 10.18
Siemens mendix Studio Pro 10.19
Siemens mendix Studio Pro 10.20
Siemens mendix Studio Pro 10.21
Siemens mendix Studio Pro 10.22
Siemens mendix Studio Pro 10.23
Siemens mendix Studio Pro 10.24
Siemens mendix Studio Pro 11.0
Siemens mendix Studio Pro 11.1
Siemens mendix Studio Pro 11.10
Siemens mendix Studio Pro 11.11
Siemens mendix Studio Pro 11.2
Siemens mendix Studio Pro 11.3
Siemens mendix Studio Pro 11.4
Siemens mendix Studio Pro 11.5
Siemens mendix Studio Pro 11.6
Siemens mendix Studio Pro 11.7
Siemens mendix Studio Pro 11.8
Siemens mendix Studio Pro 11.9
Vendors & Products Siemens
Siemens mendix Studio Pro 10.11
Siemens mendix Studio Pro 10.12
Siemens mendix Studio Pro 10.13
Siemens mendix Studio Pro 10.14
Siemens mendix Studio Pro 10.15
Siemens mendix Studio Pro 10.16
Siemens mendix Studio Pro 10.17
Siemens mendix Studio Pro 10.18
Siemens mendix Studio Pro 10.19
Siemens mendix Studio Pro 10.20
Siemens mendix Studio Pro 10.21
Siemens mendix Studio Pro 10.22
Siemens mendix Studio Pro 10.23
Siemens mendix Studio Pro 10.24
Siemens mendix Studio Pro 11.0
Siemens mendix Studio Pro 11.1
Siemens mendix Studio Pro 11.10
Siemens mendix Studio Pro 11.11
Siemens mendix Studio Pro 11.2
Siemens mendix Studio Pro 11.3
Siemens mendix Studio Pro 11.4
Siemens mendix Studio Pro 11.5
Siemens mendix Studio Pro 11.6
Siemens mendix Studio Pro 11.7
Siemens mendix Studio Pro 11.8
Siemens mendix Studio Pro 11.9

Tue, 30 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Local Code Execution via Unsanitized Project Files in Mendix Studio Pro

Tue, 30 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2026-06-30T14:30:59.828Z

Updated: 2026-06-30T15:05:37.197Z

Reserved: 2026-05-21T08:13:02.100Z

Link: CVE-2026-48192

cve-icon Vulnrichment

Updated: 2026-06-30T15:05:33.355Z

cve-icon NVD

No data.

cve-icon Redhat

No data.