
OpenAM 16.1.1 patches 10+ CVEs as wodzen coordinated disclosure rolls out

OpenAM 16.1.1 shipped June 17 with fixes for 17 CVEs. Public advisories began June 22 and continued through June 29: pre-auth RADIUS spoof, MSISDN LDAP injection, OAuth2 takeover, Groovy sandbox RCE.


The Open Identity Platform OpenAM project pushed version 16.1.1 on June 17, 2026. The release notes enumerate 17 OpenAM-specific CVEs plus ~50 dependency CVEs, but the security advisories themselves only began appearing publicly on June 22 and accelerated through June 25–29. The bulk of the OpenAM cluster is credited to a single researcher, wodzen, and three of the freshly public CVEs are pre-auth.

OpenAM Community Edition is the maintained fork of the codebase ForgeRock retired when it became Ping Identity. The fork carries a long deserialization tail — most notoriously CVE-2021-35464, the ForgeRock OpenAM jato.pageSession pre-auth RCE later added to CISA's KEV catalog. The CVEs disclosed this week land in the same general failure mode.

What's affected

All versions through OpenAM Community Edition 16.0.6. Fixed in 16.1.1.

The CVEs that became public June 25–29

Each links to the GitHub Security Advisory; CVE-anchored links point at NVD.

  • CVE-2026-46560 — Authentication bypass via RADIUS spoofing. CVSS 7.5. Unauthenticated. The RADIUS client opens an unconnected UDP socket and treats the first inbound Access-Accept as valid — no Response Authenticator check, no Message-Authenticator. A forged packet on the wire grants a session for any RADIUS user in the realm. Public June 25.
  • CVE-2026-45794 — Unsafe Java deserialization via Push Notification. The SNS push-callback REST route is mounted anonymous; on a stale messageId, OpenAM falls back to a CTS-stored blob whose top-level keys are passed to Class.forName(...) and then through Jackson with attacker JSON. Requires a low-priv account to seed the CTS row, then anonymous callback to trigger. Public June 25.
  • CVE-2026-46498 — Arbitrary OAuth token minting via Push Registration. CTS rows are read back on the OAuth2 path without namespace isolation or integrity check; a forged blob is honored as a real token. Bearer and OIDC ID tokens with attacker-specified subject, client, realm, and scope. Public June 25.
  • CVE-2026-46619 — Authentication bypass via MSISDN LDAP injection. Unauthenticated. The MSISDN module concatenates the request-supplied value straight into an LDAP filter. Default trusted-gateway config accepts all traffic. Valid session, no credentials needed. Public June 26.
  • CVE-2026-46623 — Account takeover via OAuth2 unverified password change. Unauthenticated. Default-config OAuth2 re-login silently rewrites the local password to the literal username, then logs the attacker in as the victim. Disabled accounts get re-enabled in the process. Public June 26.
  • CVE-2026-47424 — Authenticated RCE via Groovy sandbox escape. CVSS:4.0 7.5. The server-side scripting sandbox doesn't hold under Groovy; a realm admin who can edit a script gets OS-command execution as the OpenAM JVM user. Cross-realm in practice. Public June 27.
  • CVE-2026-47426 — OAuth client impersonation via JWKS resolver cache. High. Public June 28.
  • CVE-2026-48717 — OAuth authorization bypass via PKCE challenge. Moderate. Public June 28.
  • CVE-2026-53660 — Insecure SSO cookie initialization. Moderate. Public June 29.
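The RADIUS finding above comes down to a client that never binds the reply to its own request. What a correct client has to check is spelled out in RFC 2865 section 3 (the Response Authenticator is MD5 over Code, Identifier, Length, the Request Authenticator, the attributes and the shared secret) and RFC 2869 section 5.14 (Message-Authenticator is HMAC-MD5 keyed with the shared secret). The following Python is an added illustration written for this article, not OpenAM's Java RADIUS client; the shared secret, identifier and Request Authenticator values are constructed. It builds a reply the way a server would and then shows the client-side check that a reply forged without the secret, or replayed against a different request, fails.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_REPLY_MESSAGE = 18
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (the 16-byte Authenticator follows)


def encode_attrs(attrs):
    """TLV-encode (type, value) attribute pairs; length covers the 2-byte T/L prefix (RFC 2865 s5)."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(body):
    """Parse attributes strictly: a bad length is a reason to reject the packet, not to guess."""
    attrs, i = [], 0
    while i + 2 <= len(body):
        t, l = body[i], body[i + 1]
        if l < 2 or i + l > len(body):
            raise ValueError("malformed attribute")
        attrs.append((t, body[i + 2:i + l]))
        i += l
    if i != len(body):
        raise ValueError("trailing bytes")
    return attrs


def build_response(code, ident, request_auth, attrs, secret, include_ma=True):
    """Server side: optionally add Message-Authenticator, then fill in the Response Authenticator."""
    attrs = list(attrs)
    if include_ma:
        attrs.append((ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))
    body = encode_attrs(attrs)
    header = HEADER.pack(code, ident, 20 + len(body))
    if include_ma:
        # RFC 2869 s5.14: HMAC-MD5 over the packet with the Authenticator field set to the
        # Request Authenticator and the Message-Authenticator value zeroed.
        ma = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR, ma)
        body = encode_attrs(attrs)
    # RFC 2865 s3: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet, request_ident, request_auth, secret, require_ma=True):
    """Client side: accept a reply only if it is bound to our outstanding request and the secret."""
    if len(packet) < 20:
        return False
    code, ident, length = HEADER.unpack(packet[:4])
    # Identifier must match the request we actually sent; length must match what arrived.
    if length != len(packet) or ident != request_ident:
        return False
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE):
        return False
    header, resp_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        return False  # wrong secret, replayed against another request, or tampered
    try:
        attrs = decode_attrs(body)
    except ValueError:
        return False
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not mas:
        return not require_ma  # policy choice: demand Message-Authenticator on every reply
    if len(mas) != 1 or len(mas[0]) != 16:
        return False
    zeroed = encode_attrs([(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
    expected_ma = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected_ma, mas[0])


if __name__ == "__main__":
    # Constructed values: a real client draws the Request Authenticator from a CSPRNG per request.
    secret, ident, req_auth = b"constructed-shared-secret", 7, bytes(range(16))
    reply = build_response(ACCESS_ACCEPT, ident, req_auth, [(ATTR_REPLY_MESSAGE, b"ok")], secret)
    print("genuine reply accepted:", verify_response(reply, ident, req_auth, secret))
    forged = build_response(ACCESS_ACCEPT, ident, req_auth, [(ATTR_REPLY_MESSAGE, b"ok")], b"guess")
    print("reply built without the secret accepted:", verify_response(forged, ident, req_auth, secret))
```

The two checks are independent: the Response Authenticator alone already defeats a reply that was not produced with the shared secret, and `require_ma=True` additionally refuses servers that omit the HMAC, which is the posture to prefer for Access-Accept in particular.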

The earlier June 22–25 batch — CVE-2026-41573 (LDAP injection via _queryId), CVE-2026-44793 (pre-auth XSS in SAML2 redirect), CVE-2026-44203 (pre-auth XSS in OAuth2/OIDC), CVE-2026-44202 (authenticated SSRF), CVE-2026-45048 / CVE-2026-45049 (session hijacking via Session Service RPC and CDSSO), and CVE-2026-45051, the pre-auth WebAuthn Class.forName/Jackson deserialization — all also resolve in 16.1.1. CVE-2026-45051 is the spiritual sibling to CVE-2021-35464.
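Two of the CVEs in this cluster (CVE-2026-46619 in the MSISDN module and CVE-2026-41573 via _queryId) are LDAP filter injection, and the fix pattern is the same in both: validate the input against what the field is allowed to contain, and escape it per RFC 4515 section 3 before it goes into an assertion value. The Python below is an added example for this article, not OpenAM code; the attribute name `mobile`, the MSISDN shape check and the sample values are assumptions. It places the concatenating pattern the advisory describes next to a hardened builder so the difference is visible on the same input.

```python
import re

# RFC 4515 s3: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one assertion value so it can only ever compare, never restructure the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# Assumed shape for an MSISDN: optional '+', then 6 to 15 digits (E.164 maximum).
MSISDN_RE = re.compile(r"\+?[0-9]{6,15}")


def is_plausible_msisdn(value):
    return MSISDN_RE.fullmatch(value) is not None


def build_filter_unsafe(attr, value):
    """The pattern the advisory describes: request input concatenated straight into the filter."""
    return f"({attr}={value})"


def build_filter_safe(attr, value, validator=None):
    """Hardened form: reject values that fail the field's own rule, then escape what remains."""
    if validator is not None and not validator(value):
        raise ValueError(f"rejected value for {attr}: does not match expected format")
    return f"({attr}={escape_filter_value(value)})"


if __name__ == "__main__":
    # Constructed inputs: one well-formed number, one carrying filter metacharacters.
    for sample in ("4915123456789", "49151*"):
        print("unsafe:", build_filter_unsafe("mobile", sample))
        try:
            print("safe:  ", build_filter_safe("mobile", sample, validator=is_plausible_msisdn))
        except ValueError as exc:
            print("safe:  ", exc)
```

For a field like MSISDN the allow-list alone would already be sufficient; escaping stays in place because the same builder gets reused for free-text attributes where no allow-list exists, and the two layers fail independently.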

Exploitation status

No public PoC and no in-the-wild reports at the time of publication. None of the openidentityplatform advisories cite active exploitation; CISA has not added any of these to KEV. The pre-auth advisories — RADIUS spoof, MSISDN LDAP injection, OAuth2 password rewrite, WebAuthn deserialization — are the practical exposure surface. CVE-2026-46619 and CVE-2026-46623 in particular have trivial exploit paths.

Patch

OpenAM 16.1.1 is the only fix. There are no backports. The release also rebuilds against patched versions of Netty, Jakarta Mail, Apache CXF 4.0.11, Apache Cassandra, BouncyCastle, and js-yaml — about 50 dependency CVEs.

Action checklist

  1. Upgrade to 16.1.1. If you cannot, restrict each affected module behind network ACLs while you plan.
  2. Audit MSISDN authentication. If the module is enabled, treat every successful login since June 17 as potentially attacker-initiated. The LDAP injection has no preconditions beyond reaching the endpoint.
  3. Audit OAuth2 logs for client-side login patterns that match CVE-2026-46623. Default-config OAuth2 re-logins that paired username==password against a known account are the signal.
  4. Disable the Push Notification SNS callback if you don't use it. Both pre-public CVEs in the CTS class (CVE-2026-45794, CVE-2026-46498) chain through the same endpoint. The route is mounted anonymous.
  5. Restrict who can edit Groovy scripts. CVE-2026-47424 needs realm-admin script-write — review whether that role is currently broader than it should be, and rotate credentials for any account holding it.
  6. If RADIUS auth is configured, force re-key. Even after upgrading, audit logs for the dead-giveaway of CVE-2026-46560: Access-Accept responses arriving from non-RADIUS source IPs.
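Items 2, 3 and 6 of the checklist are log-review tasks, and the three signals they name can be scanned for in one pass. The Python below is an added example for this article and is not OpenAM tooling; the line format it parses is constructed for the demonstration (OpenAM's real audit schema differs, so the `parse` function is the part to adapt), as are the sample entries, the RADIUS server allow-list and the "OAuth2 re-login followed by a local password change within a few seconds" correlation window, which is an assumed heuristic for item 3 rather than a rule taken from the advisories. The patch date used as the MSISDN review cutoff is the June 17 release date from the article.

```python
import re
from datetime import datetime, timedelta

# Constructed sample audit lines in a made-up "timestamp key=value ..." format, not OpenAM's schema.
SAMPLE_LOG = """\
2026-06-16T08:00:01Z module=DataStore result=SUCCESS user=alice src=10.0.1.10
2026-06-18T09:12:44Z module=MSISDN result=SUCCESS user=bob src=203.0.113.7
2026-06-18T09:13:02Z radius code=Access-Accept id=17 src=10.0.5.20
2026-06-18T09:13:05Z radius code=Access-Accept id=18 src=198.51.100.9
2026-06-19T11:00:00Z module=OAuth2 result=SUCCESS user=carol src=203.0.113.50 relogin=true
2026-06-19T11:00:02Z event=PASSWORD_CHANGE user=carol src=203.0.113.50
2026-06-20T12:30:00Z module=OAuth2 result=SUCCESS user=dave src=10.0.1.11 relogin=true
"""

RADIUS_SERVERS = {"10.0.5.20"}          # assumed: the only RADIUS server this deployment talks to
PATCH_DATE = datetime(2026, 6, 17)       # 16.1.1 release date; checklist item 2's review cutoff
KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one constructed log line into a dict; replace this for a real audit format."""
    ts, rest = line.split(" ", 1)
    event = dict(KV.findall(rest))
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def findings(log_text, radius_servers=RADIUS_SERVERS, cutoff=PATCH_DATE,
             window=timedelta(seconds=10)):
    """Return (signal, subject, timestamp) tuples for the three checklist signals."""
    out = []
    last_oauth_relogin = {}  # user -> timestamp of most recent OAuth2 re-login
    for event in (parse(l) for l in log_text.splitlines() if l.strip()):
        # Item 6: an Access-Accept whose source is not a configured RADIUS server.
        if event.get("code") == "Access-Accept" and event.get("src") not in radius_servers:
            out.append(("radius_accept_unexpected_src", event["src"], event["ts"]))
        # Item 2: every successful MSISDN login since the patch date needs human review.
        if event.get("module") == "MSISDN" and event.get("result") == "SUCCESS" and event["ts"] >= cutoff:
            out.append(("msisdn_login_review", event["user"], event["ts"]))
        # Item 3 (assumed heuristic): OAuth2 re-login closely followed by a local password change.
        if event.get("module") == "OAuth2" and event.get("relogin") == "true":
            last_oauth_relogin[event["user"]] = event["ts"]
        if event.get("event") == "PASSWORD_CHANGE":
            started = last_oauth_relogin.get(event["user"])
            if started is not None and event["ts"] - started <= window:
                out.append(("oauth2_relogin_then_pwchange", event["user"], event["ts"]))
    return out


if __name__ == "__main__":
    for signal, subject, ts in findings(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {signal:32}  {subject}")
```

The RADIUS check is the cheapest of the three and the least ambiguous: after the upgrade, a client that validates authenticators will drop such packets, but the source-address mismatch in older logs is still the indicator the checklist points at.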

Pattern context

OpenAM has been carrying a deserialization tail since the ForgeRock days. CVE-2021-35464 made KEV, drove a wave of internet-facing OpenAM RCE in late 2021, and was the proximate cause of multiple breaches the following year. The 2026 cluster repeats the structural problem — Java deserialization plus a CTS row attackers can place — twice (CVE-2026-45051 in WebAuthn, CVE-2026-45794 in Push), this time alongside an unauthenticated OAuth2 password-rewrite and a RADIUS client that doesn't validate responses.

The maintainer pattern is also worth flagging: 16.1.1 shipped on June 17 and the OpenAM team is now releasing advisories on a slow cadence, one or two per day, more than a week after the patch is generally available. Teams pulling release notes alone — and not GitHub Security Advisories — would have shipped the fix and not learned what they were fixing until this week.

What other outlets missed

Most coverage so far has focused on the Groovy sandbox escape (CVE-2026-47424) and reported it as the headline RCE. It is the highest-severity authenticated finding, but the unauthenticated path is more interesting: CVE-2026-46619 (MSISDN LDAP injection) and CVE-2026-46623 (OAuth2 silent password rewrite) both yield a valid session for an attacker who has only network reach to the login endpoint, and both depend on default configurations that ship enabled. The pre-auth WebAuthn deserialization (CVE-2026-45051) is the third pre-auth path. The Groovy bug needs an admin to begin with.
