Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apache Struts Remote Code Execution Vulnerability in Struts 1 Plugin

Vulnerability

A remote code execution vulnerability has been identified in Apache Struts versions 2.1.x and 2.3.x, specifically within the Struts 1 plugin. This vulnerability arises when a malicious field value is sent in a raw message to the ActionMessage, allowing for unauthorized execution of code.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the vulnerable Struts application is running.

Reproduction

To reproduce this vulnerability, upload a malicious payload using the 'name' parameter in the 'description' field of a form. The payload should be crafted to exploit the OGNL (Object-Graph Navigation Language) expression evaluation, taking advantage of the Struts 1 plugin's improper input validation. Once the payload is delivered, the server will execute the embedded commands, leading to remote code execution.

Remediation

Users are advised to update to Apache Struts versions 2.5.12 or 2.3.33 and later, where this vulnerability has been patched.

Added: Mar 11, 2026, 6:58 PM
Updated: Mar 11, 2026, 6:58 PM

Vulnerability Rating

Custom Algorithm
spread
6.4
impact
10.0
exploitability
9.6
remediation
8.3
relevance
0.0
threat
9.9
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.