CVE-2026-8759 | xiandafu beetl up to 3.20.2 SpELFunction SpELFunction.java expression language injection (IIYAWC)

A vulnerability was found in xiandafu beetl up to 3.20.2. It has been rated as critical. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of special elements used in an expression language statement.

This vulnerability is referenced as CVE-2026-8759. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-8759 | xiandafu beetl up to 3.20.2 SpELFunction SpELFunction.java expression language injection (IIYAWC)

Post correlati

CVE-2023-46348 | SunnyToo sturls up to 1.1.12 on PrestaShop getInstanceId sql injection

CVE-2024-5043 | Emlog Pro 2.3.4 admin/setting.php unrestricted upload

CVE-2024-6916 | Open Mainframe Project Zowe CLI up to 5.22.5 storing passwords in a recoverable format

CVE-2024-56138 | notaryproject notation-go up to 1.3.0-rc.1 improper check for certificate revocation