CVE-2026-42797 | Apache Syncope up to 3.0.16/4.0.5/4.1.0 JEXL information exposure

A vulnerability was found in Apache Syncope up to 3.0.16/4.0.5/4.1.0. It has been declared as problematic. This affects an unknown part of the component JEXL Handler. The manipulation results in exposure of sensitive information through data queries.

This vulnerability is reported as CVE-2026-42797. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More