Conductor

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-26074	Netflix Conductor	Cri	0.57	9.8	0.01		Jun 30, 2025	Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
CVE-2020-9296	Netflix Conductor		0.00	—	0.01		Jun 16, 2020	Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message…

CVE-2025-26074CriJun 30, 2025
Netflix
Conductor
risk 0.57cvss 9.8epss 0.01
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
CVE-2020-9296Jun 16, 2020
Netflix
Conductor
risk 0.00cvss —epss 0.01
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message…