PT-2026-41572 · Xiandafu · Beetl

Pigpig · Published 2026-05-17 · Updated 2026-05-29 · CVE-2026-8759

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

xiandafu beetl versions prior to 3.20.3

Description

Improper neutralization of special elements in an expression language statement allows for remote exploitation. The issue exists within the SpELFunction component, specifically in an unknown function located in the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict the use of the SpELFunction component to minimize the risk of exploitation.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-8759
GHSA-FMMW-44RP-JCFP

Affected Products

Beetl