Platform
java
Component
xwiki-platform
Fixed in
17.0.1
17.5.1
CVE-2026-33229 is a Remote Code Execution (RCE) vulnerability affecting the XWiki Platform. This flaw arises from an improperly protected scripting API, enabling users with script rights to bypass the Velocity scripting API's sandboxing and execute arbitrary code, potentially granting full access to the XWiki instance. The vulnerability impacts versions 17.0.0-rc-1 through 17.10.1, excluding 17.4.8 and later. A patch is available in version 17.4.8.
Exploit Status
EPSS
0.15% (percentile 36%)
Upgrade XWiki Platform to version 17.4.8 or later, or to version 17.10.1 or later. This update fixes a remote code execution vulnerability by properly protecting the Velocity scripting API, preventing users with script rights from executing arbitrary code.
CVE-2026-33229 is a Remote Code Execution (RCE) vulnerability in XWiki Platform. It allows users with script rights to bypass the sandboxing of the Velocity scripting API and execute arbitrary code, potentially compromising the entire XWiki instance.
You are potentially affected if you are running XWiki Platform versions 17.0.0-rc-1 through 17.5.0-rc-1, or between 17.5.0-rc-1 and 17.10.1 (excluding 17.4.8 and later).
Upgrade to XWiki Platform version 17.4.8 or later to address this vulnerability. Ensure that script rights are not granted to untrusted users to minimize potential impact.