Oracle · Glassfish · CVE-2026-2586
**Name of the Vulnerable Software and Affected Versions**
GlassFish (affected versions not specified)
**Description**
An authenticated Remote Code Execution (RCE) issue exists in the Administration Console. A user with access to the panel can send crafted requests to execute arbitrary operating system commands with the privileges of the application service user.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.