CVE-2026-39052 | THREATINT

Description

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions.

PUBLISHED Reserved 2026-04-06 | Published 2026-05-15 | Updated 2026-05-15 | Assigner mitre

References

www.oinone.top/changelog

github.com/oinone/oinone-pamirs

gist.github.com/Misakim1/859c3eb9ced699089ee0747dae9bedc1

cve.org (CVE-2026-39052)

nvd.nist.gov (CVE-2026-39052)

Download JSON