Lucene search
K

12 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-58138

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS0.00938EPSS
Exploits1References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40377

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00938EPSS
Exploits1References5
CVE
CVE
added 6 days ago22 views

CVE-2026-58138

CVE-2026-58138 affects Orkes Conductor 3.21.21 up to, but not including, 3.30.2. The vulnerability arises from unsandboxed GraalVM evaluators built with HostAccess.ALL (or allowAllAccess(true)) used by INLINE, LAMBDA, DO_WHILE, and SWITCH task types, enabling an unauthenticated attacker to submit...

9.8CVSS6.6AI score0.00938EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-53941

Name of the Vulnerable Software and Affected Versions Orkes Conductor versions 3.21.21 through 3.30.1 Description An unauthenticated remote code execution issue exists that allows remote attackers to execute arbitrary OS commands. This occurs when malicious JavaScript or Python expressions are...

9.8CVSS6.6AI score0.00938EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/07/02 12:16 a.m.13 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8CVSS8.3AI score0.00594EPSS
Exploits0References1
OSV
OSV
added 2025/06/30 6:31 p.m.2 views

GHSA-8GQP-HR9G-PG62 Conductor vulnerable to OS command injection through unrestricted access to Java classes

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8CVSS6.2AI score0.00594EPSS
Exploits0References5
OSV
OSV
added 2025/06/30 5:15 p.m.5 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8CVSS6AI score0.00594EPSS
Exploits0References3
NVD
NVD
added 2025/06/30 5:15 p.m.5 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8CVSS0.00594EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/30 12:0 a.m.12 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

0.00594EPSS
Exploits0References3
CVE
CVE
added 2025/06/30 12:0 a.m.47 views

CVE-2025-26074

Orkes Conductor v3.21.11 is affected. The issue arises from unrestricted access to Java classes, enabling remote command execution via the ScriptEvaluator path (inline JavaScript injection). Impact is OS command execution with high severity per CVSS, with network attack vector and no user interac...

9.8CVSS7.7AI score0.00594EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/30 12:0 a.m.3 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

7.7AI score0.00594EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.4 views

PT-2025-27453 · Orkes · Orkes Conductor

Name of the Vulnerable Software and Affected Versions: Orkes Conductor version 3.21.11 Description: The issue allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. This can lead to remote code execution in Orkes Conductor. Recommendations: Update to...

9.8CVSS9AI score0.00594EPSS
Exploits0References12
Rows per page
Query Builder