VYPR
High severity7.2NVD Advisory· Published May 26, 2026· Updated May 26, 2026

CVE-2026-42785

CVE-2026-42785

Description

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system commands in the context of the OpenKM application server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openkm/Openkminferred2 versions
    = 6.3.12+ 1 more
    • (no CPE)range: = 6.3.12
    • (no CPE)range: =6.3.12

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.