Knowage Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Knowage versions through 8.1.26. The issue arises from the use of an unsafe 'org.apache.commons.jxpath.JXPathContext' in the 'MetaService.java' file, allowing a normal user to execute commands on the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Knowage is running.

Reproduction

To reproduce this vulnerability, clone the Knowage-Server-Docker repository and start it using Docker Compose. Log in with a normal user account and obtain the session ID. After creating a model for the current session, send a request to the 'checkRelationships' endpoint, including a crafted 'diff' payload that executes a command, such as creating a file in the '/tmp' directory. Finally, verify that the command was executed by checking for the presence of the created file in the container.

Remediation

Users can upgrade to Knowage version 8.1.27 or 8.2.0 to address this vulnerability.
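The following triage sketch is an added example, not code from Knowage or from this advisory: it checks a version string against the affected range stated above and lists access-log requests to the 'checkRelationships' endpoint for review. The log layout (Apache/Tomcat common or combined format), the '/placeholder' URL prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

FIXED = (8, 1, 27)  # first fixed 8.1.x release per the advisory; 8.2.0 sorts above it

# Assumption: access log in Apache/Tomcat common or combined layout.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_affected(version):
    """True for releases through 8.1.26, i.e. anything below 8.1.27."""
    m = re.match(r'(\d+)\.(\d+)\.(\d+)', version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    # Assumption: any suffix after the three numbers is ignored.
    return tuple(int(n) for n in m.groups()) < FIXED

def check_relationships_hits(lines):
    """Group requests to the checkRelationships endpoint by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed layout
        # Match the endpoint name only; the URL prefix depends on the deployment.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path.endswith("/checkRelationships"):
            hits[m["client"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines, not real traffic; "/placeholder" stands in for the real prefix.
SAMPLE_LOG = [
    '198.51.100.4 - - [30/Sep/2025:09:58:11 +0000] "GET /placeholder/login HTTP/1.1" 200 1043',
    '203.0.113.7 - - [30/Sep/2025:10:01:02 +0000] "POST /placeholder/checkRelationships HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/Sep/2025:10:01:09 +0000] "POST /placeholder/checkRelationships?x=1 HTTP/1.1" 500 87',
    'malformed line',
]

if __name__ == "__main__":
    if is_affected("8.1.26"):
        for client, reqs in check_relationships_hits(SAMPLE_LOG).items():
            print(client, reqs)
```

Access logs normally do not record request bodies, so the 'diff' payload is not visible here; each hit is a lead to correlate with the session's user and with file or process activity on the server.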

Added: Sep 30, 2025, 12:11 PM
Updated: Sep 30, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 10.0
exploitability: 6.6
remediation: 7.7
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.