CVE-2026-2586

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GlassFish (affected versions not specified)

Description An authenticated Remote Code Execution (RCE) issue exists in the Administration Console. A user with access to the panel can send crafted requests to execute arbitrary operating system commands with the privileges of the application service user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-917CWE-94

Related Identifiers

CVE-2026-2586

Affected Products

Glassfish

CVE-2026-2586

Weakness Enumeration

Related Identifiers

Affected Products

References · 4