Description

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

Severity (CVSS)

Base score: 6.8
Severity: Medium
Version: CVSS 4.0
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Provided by: CNA

Weaknesses

  • CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected products

Vendor | Product | Versions
Siemens | Mendix Studio Pro 10.11 | 0 to <*
Siemens | Mendix Studio Pro 10.12 | 0 to <*
Siemens | Mendix Studio Pro 10.13 | 0 to <*
Siemens | Mendix Studio Pro 10.14 | 0 to <*
Siemens | Mendix Studio Pro 10.15 | 0 to <*
Siemens | Mendix Studio Pro 10.16 | 0 to <*
Siemens | Mendix Studio Pro 10.17 | 0 to <*
Siemens | Mendix Studio Pro 10.18 | 0 to <*
Siemens | Mendix Studio Pro 10.19 | 0 to <*
Siemens | Mendix Studio Pro 10.20 | 0 to <*
Siemens | Mendix Studio Pro 10.21 | 0 to <*
Siemens | Mendix Studio Pro 10.22 | 0 to <*
Siemens | Mendix Studio Pro 10.23 | 0 to <*
Siemens | Mendix Studio Pro 10.24 | 0 to <V10.24.21
Siemens | Mendix Studio Pro 11.0 | 0 to <*
Siemens | Mendix Studio Pro 11.1 | 0 to <*
Siemens | Mendix Studio Pro 11.10 | 0 to <*
Siemens | Mendix Studio Pro 11.11 | 0 to <*
Siemens | Mendix Studio Pro 11.2 | 0 to <*
Siemens | Mendix Studio Pro 11.3 | 0 to <*
Siemens | Mendix Studio Pro 11.4 | 0 to <*
Siemens | Mendix Studio Pro 11.5 | 0 to <*
Siemens | Mendix Studio Pro 11.6 | 0 to <V11.6.7
Siemens | Mendix Studio Pro 11.7 | 0 to <*
Siemens | Mendix Studio Pro 11.8 | 0 to <*
Siemens | Mendix Studio Pro 11.9 | 0 to <*

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 01 Jul 2026 07:05 UTC.