GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

GHSA-G628-R368-6VH7 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

PT-2026-48799

Name of the Vulnerable Software and Affected Versions GeoServer DB2 DataStore Extension versions prior to 2.27.0 Description An administrator can perform a JNDI attack through a specially crafted DB2 jdbc url, which can lead to Remote Code Execution RCE. Authenticated users can access the Vector...

Exploit for Eval Injection in Geoserver

CVE-2024-36401 — Unauthenticated RCE in GeoServer !CVEhttp...

Exploit for Code Injection in Geoserver

CV...

CVE-2026-41043 vulnerabilities

Vulnerabilities for packages: geoserver...

GHSA-2JP3-2923-9H52 vulnerabilities

Vulnerabilities for packages: geoserver...

GHSA-W3W2-MPP5-92GM vulnerabilities

Vulnerabilities for packages: geoserver...

GHSA-MR6M-XJ7V-3CV3 vulnerabilities

Vulnerabilities for packages: geoserver...

CVE-2026-41044 vulnerabilities

Vulnerabilities for packages: geoserver...

CVE-2026-40466 vulnerabilities

Vulnerabilities for packages: geoserver...

CVE-2026-5598 vulnerabilities

Vulnerabilities for packages: keycloak, jruby, kserve-modelmesh, pinot-fips, spark, ruby3.2-bouncy-castle-java, wso2is, ruby4.0-bouncy-castle-java, zipkin, elasticsearch, apache-nifi, kayenta, sonarqube, pinot, gradle, hadoop-fips, ghidra, jenkins, wildfly, commercial-elasticsearch, kayenta-fips,...

GHSA-P93R-85WP-75V3 vulnerabilities

Vulnerabilities for packages: keycloak, jruby, kserve-modelmesh, pinot-fips, spark, ruby3.2-bouncy-castle-java, wso2is, ruby4.0-bouncy-castle-java, zipkin, elasticsearch, apache-nifi, kayenta, sonarqube, pinot, gradle, hadoop-fips, ghidra, jenkins, wildfly, commercial-elasticsearch, kayenta-fips,...

CVE-2026-33227 vulnerabilities

Vulnerabilities for packages: geoserver, zipkin, apache-activemq-artemis...

CVE-2026-39304 vulnerabilities

Vulnerabilities for packages: geoserver, zipkin, apache-activemq-artemis...

GHSA-H2H4-5M64-M273 vulnerabilities

Vulnerabilities for packages: geoserver, zipkin, apache-activemq-artemis...

GHSA-5568-6QCG-G7FX vulnerabilities

Vulnerabilities for packages: geoserver, zipkin, apache-activemq-artemis...

CVE-2026-34197 vulnerabilities

Vulnerabilities for packages: apache-activemq, apache-activemq-fips, geoserver...

GHSA-RXPJ-7QVF-XV32 vulnerabilities

Vulnerabilities for packages: apache-activemq, apache-activemq-fips, geoserver...

CVE-2025-66168 vulnerabilities

Vulnerabilities for packages: geoserver...