VYPR

GlassFish

by Eclipse

CVEs (7)

  • CVE-2026-2586 · Cri · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

  • CVE-2024-9408 · Jul 16, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.

  • CVE-2024-10032 · Jul 16, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console.

  • CVE-2024-10031 · Jul 16, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.

  • CVE-2024-10029 · Jul 16, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console.

  • CVE-2024-9343 · Jul 16, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console.

  • CVE-2024-9342 · Jul 16, 2025
    risk 0.00 · cvss · epss 0.00

    In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.