CVE-2025-26074
Published 2025-06-30
CVE-2025-26074: Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
Priority: P263 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.59% (44.0th percentile)
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
GHSA
Conductor vulnerable to OS command injection through unrestricted access to Java classes
ghsa·2025-06-30
CVE-2025-26074 [CRITICAL] CWE-78 Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
OSV
Conductor vulnerable to OS command injection through unrestricted access to Java classes
osv·2025-06-30
CVE-2025-26074 [CRITICAL] Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-30: Published