Platform
java
Component
xwiki-platform
Fixed in
17.0.1
17.5.1
CVE-2026-33229 is a Remote Code Execution (RCE) vulnerability affecting the XWiki Platform. This flaw arises from an improperly protected scripting API, enabling users with script rights to bypass the Velocity scripting API's sandboxing and execute arbitrary code, potentially granting full access to the XWiki instance. The vulnerability impacts versions 17.0.0-rc-1 through 17.10.1, excluding 17.4.8 and later. A patch is available in version 17.4.8.
Exploit status
EPSS
0.15% (36th percentile)
Upgrade XWiki Platform to version 17.4.8 or later, or to version 17.10.1 or later. This update fixes a remote code execution vulnerability by properly protecting the Velocity scripting API, preventing users with script rights from executing arbitrary code.
CVE-2026-33229 is a Remote Code Execution (RCE) vulnerability in XWiki Platform. It allows users with script rights to bypass the sandboxing of the Velocity scripting API and execute arbitrary code, potentially compromising the entire XWiki instance.
You are potentially affected if you are running XWiki Platform versions 17.0.0-rc-1 through 17.5.0-rc-1, or between 17.5.0-rc-1 and 17.10.1 (excluding 17.4.8 and later).
Upgrade to XWiki Platform version 17.4.8 or later to address this vulnerability. Ensure that script rights are not granted to untrusted users to minimize potential impact.