CRITICAL🇵🇱 Wersja polska

CVE-2026-2586

CVSS 9.1v3.1pub. 2026-05-19upd. 2026-06-29

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue affects Eclipse GlassFish: from 8.0.0 to 8.0.1, fixed in 8.0.2; 7.1.0, fixed in 7.1.1; from 7.0.0 to 7.0.25, fixed in 7.0.26. Impact on versions from 5.1.0 to 6.2.5 is unknown.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Eclipse Glassfish

    APP
    Eclipse
    < 8.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-2587CRITICAL9.6ten sam produkt

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...

CVE-2024-9408HIGH8.9ten sam produkt

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in spe...

CVE-2024-10029MEDIUM4.5ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Admin...

CVE-2024-10032MEDIUM6.1ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administ...

CVE-2024-10031MEDIUM5.8ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying th...