CVE-2026-42785

Severity CVSS v4.0:
HIGH
Type:
CWE-94 Code Injection
Publication date:
26/05/2026
Last modified:
26/05/2026

Description

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system commands in the context of the OpenKM application server.