61 matches found
CVE-2026-42555
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
Sensitive Information Exposure
com.ritense.valtimo, web is vulnerable to sensitive information exposure. The vulnerability is due to the LoggingRestClientCustomizer automatically logging full HTTP request and response details, including headers and bodies, in error messages, which allows an attacker to access sensitive...
CVE-2026-44516
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.22.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.22.0.RELEASE) +48 more potentially affected by CVE-2026-42555 via com.ritense.valtimo:case (>=13.0.0.RELEASE <=13.22.0.RELEASE)
com.ritense.valtimo:case MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.10.0.RELEASE, =13.10.0.RELEASE, =13.0.0.RELEASE,...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the StandardEvaluationContext method. An attacker can execute arbitrary code and exfiltrate credentials by supplying crafted Spring Expression Language SpEL expressions as an authenticated user with...
CVE-2026-42555
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
CVE-2026-44516 Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
EUVD-2026-30335
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
CVE-2026-44516
Valtimo (versions 12.4.0–12.33.0 and 13.26.0) contains a vulnerability in the web module where the LoggingRestClientCustomizer intercepts outgoing HTTP calls via Spring RestClient and logs full request/response bodies and headers. When errors occur, this data can appear in HttpClientErrorExceptio...
CVE-2026-44516
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
CVE-2026-44516 Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
CVE-2026-42555
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
EUVD-2026-30336
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
CVE-2026-42555
Valtimo CVE-2026-42555 (SpEL injection in StandardEvaluationContext) affects com.ritense.valtimo:document (12.0.0–12.31.0), com.ritense.valtimo:case (13.0.0–13.22.0), and com.ritense.valtimo:contract (13.4.0–13.22.0). An authenticated ADMIN user can achieve Remote Code Execution and credential ex...
Valtimo 日志信息泄露漏洞
Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions 12.4.0 to 12.33.0 and 13.26.0 of Valtimo have a vulnerability related to log information leakage. This vulnerability stems from the LoggingRestClientCustomizer automatical...
Valtimo 代码注入漏洞
Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions of Valtimo from 12.0.0 to 12.32.0 contained a code injection vulnerability. This vulnerability stemmed from the use of StandardEvaluationContext to evaluate Spring...
com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.22.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.22.0.RELEASE) +48 more potentially affected by CVE-2026-42555 via com.ritense.valtimo:case (>=13.0.0.RELEASE <=13.22.0.RELEASE)
com.ritense.valtimo:case MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.10.0.RELEASE, =13.10.0.RELEASE, =13.0.0.RELEASE,...
CVE-2026-34164
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...