CVE-2026-8211 | codelibs Fess up to 15.5.1 JSP File AdminDesignAction.java update content code injection

A vulnerability classified as critical was found in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection.

This vulnerability was named CVE-2026-8211. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8211 | codelibs Fess up to 15.5.1 JSP File AdminDesignAction.java update content code injection

Post correlati

CVE-2024-24042 | Devan-Kerman ARRP up to 0.8.1 RuntimeResourcePackImpl dumpDirect path traversal

CVE-2025-64134 | JDepend Plugin up to 1.3.1 on Jenkins XML Parser xml external entity reference

CVE-2024-0220 | B&R Industrial Automation Automation Studio/Technology Guarding missing encryption

CVE-2025-5542 | TOTOLINK X2000R 1.0.0-B20230726.1108 Virtual Server Page /boafrm/formPortFw service_type cross site scripting