Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console
Details
CVSS v3: 9.8
CVSS v4: 9.3
NVD published: 2026-05-05 12:16:16
EPSS: 0.2% probability · 41.7th percentile — 2026-05-12
Affected versions: Eclipse Equinox OSGi version 3.7.2 and all earlier versions
Summary
This unauthenticated remote code execution vulnerability lies in the console interface of Eclipse Equinox OSGi. An attacker who can reach an exposed console port can send base64-encoded bash commands that the host executes as arbitrary code. Successful exploitation lets the attacker establish a reverse shell and fully compromise the affected host.
Remediation
Upgrade Eclipse Equinox OSGi to a patched, non-vulnerable version as soon as possible. If an immediate upgrade is not possible, restrict network access to the OSGi console port to trusted IP addresses only. Disable the OSGi console interface entirely if it is not required for your operations.
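The remediation above hinges on knowing whether an installation actually has a network-reachable console. The following audit script is an added example, not code from this advisory or from the Eclipse project. It assumes (as labelled in the comments) that the Equinox console is enabled either by the `osgi.console` property in `config.ini`, whose value has the form `[host:]port`, or by the `-console [port]` launcher argument (or the equivalent `-Dosgi.console=...` system property), and that an empty value means an interactive terminal console with no socket listener. The sample configurations it checks are constructed.

```python
"""Audit an Equinox launch configuration for a network-exposed OSGi console.

Added example; not from the advisory or the Eclipse project. Assumptions:
the console is enabled via ``osgi.console=[host:]port`` in config.ini or via
the ``-console [port]`` / ``-Dosgi.console=...`` launcher arguments, and an
empty value means a stdin/stdout console rather than a network listener.
"""
from __future__ import annotations

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def console_setting_from_config(config_text: str) -> str | None:
    """Return the raw osgi.console value from config.ini text, or None if absent."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):   # property-file comments
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "osgi.console":
            return value.strip()
    return None


def console_setting_from_args(args: list[str]) -> str | None:
    """Return the console setting given on the launcher command line.

    '' for a bare ``-console`` (interactive), the following token for
    ``-console <port>``, the value of ``-Dosgi.console=...``, or None if absent.
    """
    for i, arg in enumerate(args):
        if arg.startswith("-Dosgi.console="):
            return arg.split("=", 1)[1]
        if arg == "-console":
            nxt = args[i + 1] if i + 1 < len(args) else ""
            # A following token that is itself an option means a bare -console.
            return "" if nxt.startswith("-") else nxt
    return None


def classify_console(value: str | None) -> str:
    """Map a console setting to 'disabled', 'interactive', 'loopback' or 'exposed'."""
    if value is None:
        return "disabled"
    if value == "":
        return "interactive"          # terminal console, no socket (assumption)
    host, sep, port = value.rpartition(":")
    if not sep:                       # bare port: listens on all interfaces
        host, port = "", value
    if host.strip("[]") in LOOPBACK_HOSTS and port.isdigit():
        return "loopback"
    return "exposed"                  # any non-loopback bind is treated as exposed


def audit(config_text: str = "", launcher_args: list[str] | None = None) -> dict:
    """Combine both sources; a launcher argument takes precedence (assumption)."""
    value = console_setting_from_args(launcher_args or [])
    source = "launcher args"
    if value is None:
        value = console_setting_from_config(config_text)
        source = "config.ini" if value is not None else "none"
    status = classify_console(value)
    advice = {
        "disabled": "No OSGi console configured; nothing to change.",
        "interactive": "Console is on the process terminal only; no network listener.",
        "loopback": "Console bound to loopback; keep local access restricted and upgrade.",
        "exposed": ("Console listens on a network port: disable it, bind it to localhost, "
                    "or firewall the port to trusted addresses, and upgrade."),
    }[status]
    return {"source": source, "value": value, "status": status, "advice": advice}


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    samples = {
        "all-interfaces config.ini": audit("osgi.bundles=x\nosgi.console=2019\n"),
        "loopback config.ini": audit("osgi.console=localhost:2019\n"),
        "no console": audit("osgi.bundles=x\n"),
        "bare -console": audit("", ["-console", "-clean"]),
        "-console <port>": audit("", ["-console", "2019"]),
    }
    for name, finding in samples.items():
        print(f"{name:26} {finding['status']:12} {finding['advice']}")
```

Run it against the real `config.ini` and the Java command line of each Equinox-based service; any `exposed` finding is a host where the advisory's network restriction or console removal applies.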