CVE-2026-2586 – Eclipse Glassfish
CVSS 9.1
CRITICAL
“Critical code execution risks in application servers can expose the systems that run core business services.”
Eclipse Foundation released patches for two critical vulnerabilities affecting Eclipse Glassfish. CVE-2026-2586 has a CVSS score of 9.1, which is Critical severity. CVE-2026-2587 has a CVSS score of 9.6, which is Critical severity.
The vulnerabilities involve expression language and code execution weaknesses that could allow remote code execution in affected Glassfish environments. The updates strengthen execution handling and reduce the risk of attackers running unauthorized code against application server deployments.
Key Details
- Affected Product: Eclipse Glassfish
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- CWE Classification: CWE-94