codelibs Fess JSP File AdminDesignAction.java update code injection_CVE-2026-8211

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-8211

Source VulDB

Published May 9, 2026 at 22:15

Affected Product

Vendor codelibs

Product Fess

Version 15.5.0

Affected Versions codelibs Fess 15.5.0
codelibs Fess 15.5.1

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-09T22:15:38.888Z",
    "modified": "2026-05-09T22:15:38.888Z",
    "type": "cve",
    "title": "codelibs Fess JSP File AdminDesignAction.java update code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/362419\nhttps://vuldb.com/vuln/362419/cti\nhttps://vuldb.com/submit/804293\nhttps://bv3acdnplbr.feishu.cn/docx/Kk1tdEAfAoV6kZxVozUc8UA4nog?from=from_copylink",
    "id": "CVE-2026-8211",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "codelibs Fess 15.5.0\ncodelibs Fess 15.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fess",
    "version": "15.5.0",
    "vendor": "codelibs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}