Tim-Conrad

**Name of the Vulnerable Software and Affected Versions** Spring Boot Admin versions prior to 2.6.10 Spring Boot Admin versions prior to 2.7.8 **Description** The issue affects users who run Spring Boot Admin Server with enabled Notifiers and write access to environment variables via UI. This allows for arbitrary code execution. Users are advised to upgrade to the most recent releases to resolve the issue. **Recommendations** For versions prior to 2.6.10, upgrade to version 2.6.10 or later. For versions prior to 2.7.8, upgrade to version 2.7.8 or later. As a temporary workaround, consider disabling any notifier. Restrict access to the `/env` actuator endpoint by disabling write access (POST request) until a patch is available.