CVE-2026-42785 | THREATINT

Description

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system commands in the context of the OpenKM application server.

PUBLISHED Reserved 2026-04-29 | Published 2026-05-26 | Updated 2026-05-26 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

Credits

Terra System Labs Pvt. Ltd. finder

References

www.exploit-db.com/exploits/52520 (ExploitDB-52520) exploit

www.openkm.com/ (Official Product Homepage) product

hub.docker.com/r/openkm/openkm-ce (Product Reference) product

terrasystemlabs.com/...day-vulnerabilities-terra-system-labs (Vulnerability Advisory) vendor-advisory

github.com/...asystemlabs/Exploits/tree/main/OpenKM-Exploits (Proof-of-Concept Toolkit) product

github.com/.../nuclei-templates/openkm-remote-code-execution (Nuclei Detection Template) product

www.vulncheck.com/...-execution-via-administrative-scripting (VulnCheck Advisory: OpenKM 6.3.12 Remote Code Execution via Administrative Scripting) third-party-advisory

cve.org (CVE-2026-42785)

nvd.nist.gov (CVE-2026-42785)

Download JSON