Home

Description

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.

PUBLISHED Reserved 2025-02-07 | Published 2025-06-30 | Updated 2025-06-30 | Assigner mitre

References

github.com/conductor-oss/conductor

github.com/...lix/conductor/core/events/ScriptEvaluator.java

medium.com/...s-via-inline-javascript-injection-5ce3cb651cfb

cve.org (CVE-2025-26074)

nvd.nist.gov (CVE-2025-26074)

Download JSON