CVE-2026-2586
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish | 8.0.2≤ * | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-2586
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Glassfish 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Glassfish是Eclipse基金会的一个应用服务器。 Eclipse Glassfish存在代码注入漏洞,该漏洞源于允许具有面板访问权限的用户发送特制请求,从而以应用程序服务用户权限执行任意操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish | 8.0.2 ~ * | - |
II. Public POCs for CVE-2026-2586
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-2586
请登录查看更多情报信息。
Advisory · 1
IV. Related Vulnerabilities
Same weakness: CWE-94
- CVE-2026-8467
Unauthenticated remote code execution via HEEx template inje - CVE-2026-22314
Mesalvo Meona Client Launcher Component和Mesalvo Meona Server - CVE-2026-46586
Apache OFBiz: Improper Validation in traverseContent Service - CVE-2026-35086
Apache OFBiz: Authenticated Remote Code Execution via Unsafe - CVE-2026-8838
Remote Code Execution via eval() Injection in amazon-redshif
V. Comments for CVE-2026-2586
No comments yet