VYPR

GlassFish

by Eclipse

Source repositories

CVEs (3)

  • CVE-2026-2587CriMay 19, 2026
    risk 0.62cvss 9.6epss 0.01

    A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL)…

  • CVE-2026-2586CriMay 19, 2026
    risk 0.59cvss 9.1epss 0.01

    An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application…

  • CVE-2022-2712MedJan 27, 2023
    risk 0.35cvss 6.5epss 0.01

    In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration…