{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads a specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of the user who opened the project.\n\nSiemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-779310: Arbitrary Code Execution Vulnerability in Mendix Studio Pro Before V11.12 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-779310.html"
      },
      {
        "category": "self",
        "summary": "SSA-779310: Arbitrary Code Execution Vulnerability in Mendix Studio Pro Before V11.12 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-779310.json"
      }
    ],
    "title": "SSA-779310: Arbitrary Code Execution Vulnerability in Mendix Studio Pro Before V11.12",
    "tracking": {
      "current_release_date": "2026-06-30T00:00:00.000Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-779310",
      "initial_release_date": "2026-06-30T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-30T00:00:00.000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "interim",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.11",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.11"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.12",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.12"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.13",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.13"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.14",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.15",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.15"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.16",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.17",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.17"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.18",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.18"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.19",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.19"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.20",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.20"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.21",
                  "product_id": "11"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.21"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.22",
                  "product_id": "12"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.22"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 10.23",
                  "product_id": "13"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.23"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/<10.24.21",
                "product": {
                  "name": "Mendix Studio Pro 10.24 < V10.24.21",
                  "product_id": "14"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 10.24"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.0",
                  "product_id": "15"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.1",
                  "product_id": "16"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.10",
                  "product_id": "17"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.10"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.11",
                  "product_id": "18"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.11"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.2",
                  "product_id": "19"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.3",
                  "product_id": "20"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.4",
                  "product_id": "21"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.5",
                  "product_id": "22"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.5"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/<11.6.7",
                "product": {
                  "name": "Mendix Studio Pro 11.6 < V11.6.7",
                  "product_id": "23"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.6"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.7",
                  "product_id": "24"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.7"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.8",
                  "product_id": "25"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.8"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mendix Studio Pro 11.9",
                  "product_id": "26"
                }
              }
            ],
            "category": "product_name",
            "name": "Mendix Studio Pro 11.9"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-48192",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code ('Code Injection')"
      },
      "notes": [
        {
          "category": "description",
          "text": "Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.\r\nThis could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23",
          "24",
          "25",
          "26"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "24",
            "25",
            "26"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V10.24.21 or later version",
          "product_ids": [
            "14"
          ],
          "url": "https://docs.mendix.com/releasenotes/studio-pro/10.24/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V11.6.7 or later version",
          "product_ids": [
            "23"
          ],
          "url": "https://docs.mendix.com/releasenotes/studio-pro/11.6/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26"
          ]
        }
      ],
      "title": "CVE-2026-48192"
    }
  ]
}