Crocoblock JetEngine CVE-2026-28134
HIGHSeverity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.
AnalysisAI
Remote code execution in Crocoblock JetEngine versions 3.7.2 and earlier allows authenticated attackers to execute arbitrary code through improper handling of code generation. An attacker with valid credentials can leverage this code injection vulnerability to achieve remote code inclusion and gain full control over affected WordPress installations. No patch is currently available, leaving all users of vulnerable JetEngine versions at risk.
Technical ContextAI
Classified as CWE-94 (Code Injection). Affects Crocoblock JetEngine jet-engine. Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.
Affected ProductsAI
Product: Crocoblock JetEngine jet-engine.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today