Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2026-32735 is a low severity vulnerability with a CVSS score of 0.0. No known public exploits at this time.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project (openapi-to-java-records-mustache-templates-parent), which is used to centralize plugin configurations for multiple unit-test modules, uses maven-dependency-plugin to unpack arbitrary .mustache files from the openapi-to-java-records-mustache-templates artifact (of the same version). While this parent POM file is not intended for external use, it is published, and could be used by anyone, and does not follow the best security practices. The risk, is that if openapi-to-java-records-mustache-templates would be compromised, and malicious .mustache files were to be included in the resulting JAR/artifact, users would unpack these files automatically during a dependency update. This is addressed in the v3.5.1 release of openapi-to-java-records-mustache-templates-parent. It is strongly recommended NOT to use the parent POM for external use. The openapi-to-java-records-mustache-templates module is the center of this project, and surrounding modules and configurations are not intended for production-use. These only exist for testing purposes and maintainability.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.