CVEFinder.io

CVE-2026-2586

⛔ critical
Summary

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

CVSS Score: 9.1 (Critical)
EPSS Score: 0.3 (Exploit Probability)
Published Date: 2026-05-19
First Seen: 2026-05-20
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 326,604 vulnerabilities in our database.

#40,129
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 19, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
πŸ† Discovered By
Camilo G. AkA Dedalo (DeepSecurity PerΓΊ) Gabriel A. Hinostroza Ayala (DeepSecurity PerΓΊ)
SSVC data provided by CISA
Last Modified 2026-05-21
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 1

https://gitlab.eclipse.org/security/cve-assignment/-...
Issue Tracking Third Party Advisory Exploit

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-2587 | ⛔ critical | 9.6 | 0.2 | A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used... | 2026-05-19 |
| CVE-2024-10029 | 🔶 medium | 6.1 | 0.0 | In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration ... | 2025-07-16 |
| CVE-2024-10031 | 🔶 medium | 5.4 | 0.0 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configur... | 2025-07-16 |
| CVE-2024-10032 | 🔶 medium | 5.4 | 0.0 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Con... | 2025-07-16 |
| CVE-2024-9342 | ⛔ critical | 9.8 | 0.1 | In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limita... | 2025-07-16 |
| CVE-2024-9343 | 🔶 medium | 6.1 | 0.0 | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Con... | 2025-07-16 |
These CVEs affect the same products