Skip to content
Threat Feed

Product

GlassFish

1 brief RSS
critical advisory

Eclipse GlassFish EL Injection Vulnerability (CVE-2026-2587) Exploit Publicly Available

A remote code execution vulnerability (CVE-2026-2587) exists in Eclipse GlassFish due to unsanitized user-supplied values in XML attributes being evaluated by the Java Expression Language (EL) engine, and a public exploit is now available.

GlassFish rce el-injection cve-2026-2587
2r 1t 1c