Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
8DescriptionGitHub Advisory
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restricting that context to a set of trusted classes, but allowing FULL JVM access. This enabled a user to use arbitrary java classes which allow deep access to the system. This enabled the ability to invoke commands, access files, etc. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable echo entirely.
AnalysisAI
Remote code execution in Spinnaker's Echo service (all versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2) allows authenticated attackers with low privileges to execute arbitrary system commands and access files through unrestricted Spring Expression Language (SPeL) injection in artifact processing. Unlike Spinnaker's Orca service which implemented SPeL sandbox restrictions, Echo permits full JVM class access, enabling attackers to invoke arbitrary Java classes for deep system compromise. The CVSS 9.9 score reflects network attack vector with low complexity, scope change to impact other components, and complete CIA triad compromise. EPSS and KEV data not available - exploitation status unknown but patches are available from Spinnaker project.
Technical ContextAI
Spinnaker's Echo service processes expected artifacts using Spring Expression Language (SPeL), a powerful expression language built into the Spring Framework that allows runtime evaluation of expressions against Java objects. The vulnerability stems from Echo's failure to restrict the SPeL evaluation context to a safe subset of classes, unlike the defense implemented in Spinnaker's Orca service. This unrestricted access permits attackers to reference and invoke arbitrary Java classes available in the JVM classpath, including dangerous classes like Runtime, ProcessBuilder, and file I/O classes. The root cause aligns with CWE-94 (Improper Control of Generation of Code - Code Injection), where user-controlled input is evaluated as executable code without sufficient sandboxing. This is a classic SPeL injection vulnerability pattern affecting Spring-based applications, where expression evaluation without allowlist-based class restrictions transforms intended data processing into a code execution primitive.
RemediationAI
Upgrade Spinnaker to patched versions immediately: 2026.1.0 or 2026.0.1 for 2026.x deployments, 2025.4.2 for 2025.4.x deployments, or 2025.3.2 for 2025.3.x deployments. Release packages available at https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1, https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2, and https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2. The patches implement class allowlisting for SPeL evaluation contexts in Echo, mirroring the protection already present in Orca. For environments unable to immediately upgrade, disable the Echo service entirely as a temporary workaround - note this will impact pipeline notification, event handling, and webhook functionality, potentially disrupting CI/CD workflows. Network-level compensating controls are ineffective since the vulnerability requires authenticated access already permitted for legitimate users. If Echo must remain operational pre-patch, implement strict RBAC to minimize accounts with artifact configuration permissions and audit all artifact definitions for suspicious SPeL expressions, though manual inspection is error-prone and not a substitute for patching.
Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m
Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti
Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23964
GHSA-69rw-45wj-g4v6