Eclipse GlassFish
cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*
- 7.1.0
- 8.0.0
A remote code execution vulnerability has been identified in the Eclipse GlassFish Administration Console, specifically in versions 7.1.0 and 8.0.0. This vulnerability allows authenticated users with access to the console to send crafted requests that execute arbitrary operating system commands. The commands are executed with the privileges of the application service user.
Successful exploitation gives an authenticated attacker remote code execution on the server, with commands running under the privileges of the application's service user.