Platform
java
Component
xwiki-platform
Fixed in
17.0.1
17.5.1
CVE-2026-33229 is a Remote Code Execution (RCE) vulnerability affecting the XWiki Platform. This flaw arises from an improperly protected scripting API, enabling users with script rights to bypass the Velocity scripting API's sandboxing and execute arbitrary code, potentially granting full access to the XWiki instance. The vulnerability impacts versions 17.0.0-rc-1 through 17.10.1, excluding 17.4.8 and later. A patch is available in version 17.4.8.
Exploit Status
EPSS
0.15% (36th percentile)
Upgrade XWiki Platform to version 17.4.8 or later, or to version 17.10.1 or later. This update fixes a remote code execution vulnerability by properly protecting the Velocity scripting API, preventing users with script rights from executing arbitrary code.
CVE-2026-33229 is a Remote Code Execution (RCE) vulnerability in XWiki Platform. It allows users with script rights to bypass the sandboxing of the Velocity scripting API and execute arbitrary code, potentially compromising the entire XWiki instance.
You are potentially affected if you are running XWiki Platform versions 17.0.0-rc-1 through 17.5.0-rc-1, or between 17.5.0-rc-1 and 17.10.1 (excluding 17.4.8 and later).
Upgrade to XWiki Platform version 17.4.8 or later to address this vulnerability. Ensure that script rights are not granted to untrusted users to minimize potential impact.