NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42782

Summary	Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0. Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox.
Publication Date	May 26, 2026, 1:16 a.m.
Registration Date	May 27, 2026, 4:07 a.m.
Last Update	May 26, 2026, 6:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://lists.apache.org/thread/b869ms0ofrd129f7tgsn9flxgv9ztg2r	security@apache.org
2	http://www.openwall.com/lists/oss-security/2026/05/25/4	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-653	不適切な隔離または分類	https://cwe.mitre.org/data/definitions/653.html