CVE-2026-2587 | Eclipse Glassfish up to 7.0.x/8.0.0 Gadget expression language injection

A vulnerability classified as critical was found in Eclipse Glassfish up to 7.0.x/8.0.0. This vulnerability affects unknown code of the component Gadget Handler. The manipulation results in improper neutralization of special elements used in an expression language statement.

This vulnerability is identified as CVE-2026-2587. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More