Eclipse GlassFish CVE-2026-2586

EUVD-2026-30939 | CRITICAL | Code Injection (CWE-94)
2026-05-19 | eclipse | GHSA-96v6-hq43-x9h4
CVSS 3.1: 9.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: May 19, 2026 - 15:00 (vuln.today)

Description (NVD)

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

Analysis (AI)

Remote code execution in Eclipse GlassFish allows attackers with administrative access to the Administration Console to execute arbitrary operating system commands as the application service user. The flaw stems from improper input handling in admin panel requests (CWE-94), and while CVSS rates it 9.1 due to scope change and full CIA impact, exploitation requires high privileges (PR:H). …

Remediation (AI)

Within 24 hours: Inventory all GlassFish deployments and immediately restrict admin console network access to trusted administrative personnel and networks only. Within 7 days: Conduct forensic audit of admin console access logs for the past 90 days to identify unauthorized access; implement IP whitelisting and multi-factor authentication for all administrative accounts. …
