GHSA-96v6-hq43-x9h4CriticalCVSS 9.1

GlassFish's Administration Console is Vulnerable to RCE

Published
May 19, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

📋 Description

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

🎯 Affected products2

  • maven/org.glassfish.main.admingui:console-common:< 8.0.2
  • maven/org.glassfish.jsftemplating:jsftemplating:< 4.2.0

🔗 References (4)