This vulnerability lets unauthenticated remote attackers execute arbitrary code on systems running affected versions of Eclipse Equinox OSGi. An attacker who can reach the exposed OSGi console over telnet can abuse the console's fork command functionality to run code of their choosing. Successful exploitation results in full system compromise and remote control of the host by the attacker.
Remediation
Update Eclipse Equinox OSGi to a patched version outside the affected 3.8 to 3.18 range. Until the update is applied, restrict network access to the OSGi console port to trusted, authorized sources only. Disable the OSGi console entirely if your organization does not actively use it.
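As an added example (not code from the advisory or from the Equinox project), the following POSIX shell check supports the last two remediation steps by reporting whether an Equinox launch configuration exposes the OSGi console on a network port. It assumes the standard Equinox config.ini property osgi.console and the launcher -console argument; the sample files it inspects are constructed.

```shell
#!/bin/sh
# Equinox starts its telnet console listener when config.ini sets
# osgi.console to a port (osgi.console=1234 or osgi.console=127.0.0.1:1234)
# or when the launcher .ini passes "-console <port>". An empty osgi.console
# value or a bare -console only gives a local stdin console.

# equinox_console_port CONFIG_INI LAUNCHER_INI
# Prints the configured network console port; exit 0 if one is configured,
# 1 if the console is off or local-only. Paths are assumptions.
equinox_console_port() {
    config="$1"; launcher="$2"; port=""
    if [ -f "$config" ]; then
        # take the last osgi.console assignment and drop any "host:" prefix
        val=$(sed -n 's/^[[:space:]]*osgi\.console[[:space:]]*=[[:space:]]*//p' "$config" \
              | tail -n 1 | tr -d '[:space:]')
        port=${val##*:}
    fi
    if [ -z "$port" ] && [ -f "$launcher" ]; then
        # eclipse.ini style puts one argument per line: join them and take the
        # token after -console (it may be another flag such as -vmargs)
        args=" $(tr '\n' ' ' < "$launcher") "
        port=$(printf '%s' "$args" | sed -n 's/.*[[:space:]]-console[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p')
    fi
    case "$port" in
        ''|*[!0-9]*) return 1 ;;   # not a port number: no network console
    esac
    printf '%s\n' "$port"
}

# Constructed sample launch configurations (not from any real deployment).
write_samples() {
    dir="$1"
    printf 'osgi.bundles=org.eclipse.equinox.console@start\nosgi.console=0.0.0.0:2223\n' > "$dir/exposed.ini"
    printf 'osgi.console=\n' > "$dir/local.ini"
    printf 'eclipse.ignoreApp=true\n' > "$dir/off.ini"
    printf -- '-console\n2224\n-vmargs\n-Xmx512m\n' > "$dir/launcher_exposed.ini"
    printf -- '-console\n-vmargs\n' > "$dir/launcher_local.ini"
}

samples=$(mktemp -d)
write_samples "$samples"
for cfg in exposed local off; do
    if p=$(equinox_console_port "$samples/$cfg.ini" /dev/null); then
        echo "$cfg.ini: OSGi console listening on port $p -> restrict or disable"
    else
        echo "$cfg.ini: no network console"
    fi
done
rm -rf "$samples"
```

Run it against the real config.ini and launcher .ini of each Equinox installation; a reported port means the console is reachable over the network and should be firewalled or disabled.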