CVE-2026-2586

CRITICAL CVSS 9.1 View on NVD ↗

Description

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/87

Published: May 19, 2026 15:16 UTC Modified: May 19, 2026 17:57 UTC