CVE 9.1 CRITICAL

CVE-2026-2586_CVE-2026-2586

May 19, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

AI Analysis

Authenticated Remote Code Execution (RCE) vulnerability in GlassFish's Administration Console

Basic Information

ID CVE-2026-2586

Source eclipse

Published May 19, 2026 at 14:12

Affected Product

Vendor Eclipse Foundation

Product Eclipse Glassfish

Version 7.1.0, 8.0.0

Affected Versions Eclipse Foundation Eclipse Glassfish 7.1.0
Eclipse Foundation Eclipse Glassfish 8.0.0

CWE Classification

CWE-94 CWE-917

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Eclipse Foundation

Product Eclipse Glassfish

Version 7.1.0, 8.0.0

References

gitlab.eclipse.org /security/cve-assignment/-/issues/87

{
    "lastseen": "",
    "description": "An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.",
    "published": "2026-05-19T14:12:06.459Z",
    "modified": "2026-05-19T14:12:06.459Z",
    "type": "cve",
    "title": "CVE-2026-2586",
    "source": "eclipse",
    "references": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/87",
    "id": "CVE-2026-2586",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-917"
    ],
    "cvelist": null,
    "sourceData": "Eclipse Foundation Eclipse Glassfish 7.1.0\nEclipse Foundation Eclipse Glassfish 8.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Eclipse Glassfish",
    "version": "7.1.0, 8.0.0",
    "vendor": "Eclipse Foundation",
    "ai_description": "Authenticated Remote Code Execution (RCE) vulnerability in GlassFish's Administration Console",
    "ai_severity": "Critical",
    "ai_vendor": "Eclipse Foundation",
    "ai_product": "Eclipse Glassfish",
    "ai_version": "7.1.0, 8.0.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply