A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.
This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

Project Subscriptions

Vendors Products
Siemens Subscribe
Mendix Studio Pro 10.11 Subscribe
Mendix Studio Pro 10.12 Subscribe
Mendix Studio Pro 10.13 Subscribe
Mendix Studio Pro 10.14 Subscribe
Mendix Studio Pro 10.15 Subscribe
Mendix Studio Pro 10.16 Subscribe
Mendix Studio Pro 10.17 Subscribe
Mendix Studio Pro 10.18 Subscribe
Mendix Studio Pro 10.19 Subscribe
Mendix Studio Pro 10.20 Subscribe
Mendix Studio Pro 10.21 Subscribe
Mendix Studio Pro 10.22 Subscribe
Mendix Studio Pro 10.23 Subscribe
Mendix Studio Pro 10.24 Subscribe
Mendix Studio Pro 11.0 Subscribe
Mendix Studio Pro 11.1 Subscribe
Mendix Studio Pro 11.10 Subscribe
Mendix Studio Pro 11.11 Subscribe
Mendix Studio Pro 11.2 Subscribe
Mendix Studio Pro 11.3 Subscribe
Mendix Studio Pro 11.4 Subscribe
Mendix Studio Pro 11.5 Subscribe
Mendix Studio Pro 11.6 Subscribe
Mendix Studio Pro 11.7 Subscribe
Mendix Studio Pro 11.8 Subscribe
Mendix Studio Pro 11.9 Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 01 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens mendix Studio Pro 10.11
Siemens mendix Studio Pro 10.12
Siemens mendix Studio Pro 10.13
Siemens mendix Studio Pro 10.14
Siemens mendix Studio Pro 10.15
Siemens mendix Studio Pro 10.16
Siemens mendix Studio Pro 10.17
Siemens mendix Studio Pro 10.18
Siemens mendix Studio Pro 10.19
Siemens mendix Studio Pro 10.20
Siemens mendix Studio Pro 10.21
Siemens mendix Studio Pro 10.22
Siemens mendix Studio Pro 10.23
Siemens mendix Studio Pro 10.24
Siemens mendix Studio Pro 11.0
Siemens mendix Studio Pro 11.1
Siemens mendix Studio Pro 11.10
Siemens mendix Studio Pro 11.11
Siemens mendix Studio Pro 11.2
Siemens mendix Studio Pro 11.3
Siemens mendix Studio Pro 11.4
Siemens mendix Studio Pro 11.5
Siemens mendix Studio Pro 11.6
Siemens mendix Studio Pro 11.7
Siemens mendix Studio Pro 11.8
Siemens mendix Studio Pro 11.9
Vendors & Products Siemens
Siemens mendix Studio Pro 10.11
Siemens mendix Studio Pro 10.12
Siemens mendix Studio Pro 10.13
Siemens mendix Studio Pro 10.14
Siemens mendix Studio Pro 10.15
Siemens mendix Studio Pro 10.16
Siemens mendix Studio Pro 10.17
Siemens mendix Studio Pro 10.18
Siemens mendix Studio Pro 10.19
Siemens mendix Studio Pro 10.20
Siemens mendix Studio Pro 10.21
Siemens mendix Studio Pro 10.22
Siemens mendix Studio Pro 10.23
Siemens mendix Studio Pro 10.24
Siemens mendix Studio Pro 11.0
Siemens mendix Studio Pro 11.1
Siemens mendix Studio Pro 11.10
Siemens mendix Studio Pro 11.11
Siemens mendix Studio Pro 11.2
Siemens mendix Studio Pro 11.3
Siemens mendix Studio Pro 11.4
Siemens mendix Studio Pro 11.5
Siemens mendix Studio Pro 11.6
Siemens mendix Studio Pro 11.7
Siemens mendix Studio Pro 11.8
Siemens mendix Studio Pro 11.9

Tue, 30 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Local Code Execution via Unsanitized Project Files in Mendix Studio Pro

Tue, 30 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-06-30T15:05:37.197Z

Reserved: 2026-05-21T08:13:02.100Z

Link: CVE-2026-48192

cve-icon Vulnrichment

Updated: 2026-06-30T15:05:33.355Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T10:01:24Z

Weaknesses