CVE-2026-42785

Name of the Vulnerable Software and Affected Versions OpenKM version 6.3.12

Description Authenticated administrators can execute arbitrary Java or BeanShell code via the '/admin/Scripting' endpoint. By submitting malicious script content using the action=Evaluate parameter, an attacker can execute operating system commands within the context of the application server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.