CVE-2025-26074
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
| Software | From | Fixed in |
|---|---|---|
org.conductoross / conductor-core
|
- | 3.21.13 |
- https://github.com/conductor-oss/conductor
- https://github.com/conductor-oss/conductor/blob/main/core/src/main/java/com/netflix/conductor/core/events/ScriptEvaluator.java
- https://github.com/conductor-oss/conductor/commit/e9816501df1e364a3d39d7fe37d6e167c40eaa1b
- https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime