Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in RichFaces Framework versions 3.0 through 3.3.4 that allows Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker can execute arbitrary code by supplying a crafted chain of Java serialized objects that is deserialized through org.ajax4jsf.resource.UserResource$UriData.

Impact

Exploitation of this vulnerability allows for unauthorized remote code execution on the server where the affected RichFaces version is deployed.

Remediation

Users can apply the security update available through the Red Hat JBoss Network. Back up the existing JBoss installation and stop the JBoss server process before applying the update, then restart the JBoss server once the update is in place.
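Before applying the update it helps to know which deployments actually carry a RichFaces build in the affected 3.0 through 3.3.4 range. The following Python script is an added example written for this advisory, not code from Red Hat or the RichFaces project: it walks a deployment tree, reads Implementation-Version from each richfaces-*.jar manifest (falling back to the version in the file name), and flags versions inside the stated range. The jar naming convention (richfaces-api/impl/ui-<version>.jar) and the sample jars built under a temporary directory are assumptions constructed for the demonstration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Affected range stated in the advisory: RichFaces 3.0 through 3.3.4 (inclusive).
VULN_MIN = (3, 0, 0)
VULN_MAX = (3, 3, 4)

# Assumed artifact naming (richfaces-api/impl/ui-<version>.jar); not taken from the advisory.
JAR_NAME = re.compile(r"^richfaces-(?:api|impl|ui)-(?P<ver>\d+(?:\.\d+)*)", re.IGNORECASE)
MANIFEST_VER = re.compile(r"^Implementation-Version:\s*(\S+)", re.MULTILINE)


def parse_version(text):
    """Reduce '3.3.3.Final' or '3.3' to a comparable (major, minor, patch) tuple."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_version(version):
    """True when the parsed version falls inside the advisory's affected range."""
    return version is not None and VULN_MIN <= version <= VULN_MAX


def jar_version(path):
    """Read Implementation-Version from the jar manifest; fall back to the file name."""
    try:
        with zipfile.ZipFile(path) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = MANIFEST_VER.search(manifest)
        if m:
            return m.group(1)
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # no readable manifest entry; try the file name instead
    m = JAR_NAME.match(Path(path).name)
    return m.group("ver") if m else None


def scan(root):
    """Return {jar path: (version string, vulnerable?)} for every RichFaces jar under root."""
    results = {}
    for jar in sorted(Path(root).rglob("richfaces-*.jar")):
        ver = jar_version(jar)
        if ver is not None:
            results[str(jar)] = (ver, is_vulnerable_version(parse_version(ver)))
    return results


def _write_jar(path, manifest_version=None):
    """Constructed sample jar: a zip with a minimal manifest, for demonstration only."""
    with zipfile.ZipFile(path, "w") as zf:
        lines = ["Manifest-Version: 1.0"]
        if manifest_version:
            lines.append(f"Implementation-Version: {manifest_version}")
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")


def demo_scan():
    """Build a constructed deployment tree and scan it; returns {file name: (version, vulnerable?)}."""
    root = Path(tempfile.mkdtemp(prefix="richfaces-scan-"))
    lib = root / "server" / "default" / "deploy" / "app.war" / "WEB-INF" / "lib"
    lib.mkdir(parents=True)
    _write_jar(lib / "richfaces-impl-3.3.3.Final.jar", "3.3.3.Final")  # in range, found via manifest
    _write_jar(lib / "richfaces-ui-3.1.0.GA.jar")                       # in range, found via file name
    _write_jar(lib / "richfaces-api-4.0.0.Final.jar", "4.0.0.Final")    # outside the stated range
    return {Path(p).name: v for p, v in scan(root).items()}


if __name__ == "__main__":
    for name, (ver, vuln) in demo_scan().items():
        print(f"{'VULNERABLE' if vuln else 'ok        '}  {name}  ({ver})")
```

Point scan() at a real JBoss server directory to inventory production deployments; a jar whose manifest lacks Implementation-Version is still classified from its file name, and any jar matching neither source is skipped rather than silently marked safe, so unmatched files should be reviewed by hand.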

Added: May 15, 2026, 12:00 PM
Updated: May 15, 2026, 12:00 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 7.5
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 9.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.