CVE-2026-2586

CRITICAL NVD

CVSS Score 9.1

Severity CRITICAL

Published May 19, 2026

Vendor unknown

Description

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/87