Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for openremote by openremote
CVE-2026-56120 (GCVE-0-2026-56120)
Vulnerability from cvelistv5 – Published: 2026-06-23 20:54 – Updated: 2026-06-23 21:03
VLAI
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-06-23T21:03:57.607Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it\u0027s a duplicate of CVE-2026-56784.\u003cbr\u003e"
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it\u0027s a duplicate of CVE-2026-56784."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-56120",
"datePublished": "2026-06-23T20:54:15.497Z",
"dateRejected": "2026-06-23T21:03:57.607Z",
"dateReserved": "2026-06-18T19:15:10.651Z",
"dateUpdated": "2026-06-23T21:03:57.607Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56784 (GCVE-0-2026-56784)
Vulnerability from cvelistv5 – Published: 2026-06-23 12:13 – Updated: 2026-06-23 21:02 X_Open Source
VLAI
Title
OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint
Summary
OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms() method in AlarmResourceImpl.java omits realm-scoping validation in its JPA query, enabling any user with alarm-write permissions to enumerate sequential auto-increment alarm IDs and delete cross-tenant alarm records without authorization.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | vendor-advisory |
| https://www.vulncheck.com/advisories/openremote-c… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
0 , < 1.25.0
(semver)
Unaffected: 1.25.0 (semver) |
Date Public
2026-06-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56784",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T15:02:05.383363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:04:55.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-h3m5-97jq-qjrf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "openremote",
"repo": "https://github.com/openremote/openremote",
"vendor": "openremote",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openremote:openremote:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.25.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tulkin Urinbaev (@Forklit)"
},
{
"lang": "en",
"type": "reporter",
"value": "Vladyslav Koniakhin (@vladkoniakhinmob)"
}
],
"datePublic": "2026-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms() method in AlarmResourceImpl.java omits realm-scoping validation in its JPA query, enabling any user with alarm-write permissions to enumerate sequential auto-increment alarm IDs and delete cross-tenant alarm records without authorization."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T21:02:37.342Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-h3m5-97jq-qjrf)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-h3m5-97jq-qjrf"
},
{
"name": "VulnCheck Advisory: OpenRemote Manager - Cross-Tenant IDOR in Bulk Alarm Deletion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openremote-cross-tenant-idor-in-bulk-alarm-deletion"
}
],
"tags": [
"x_open-source"
],
"title": "OpenRemote \u003c 1.25.0 IDOR via Bulk Alarm Deletion Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-56784",
"datePublished": "2026-06-23T12:13:07.594Z",
"dateReserved": "2026-06-23T01:24:27.651Z",
"dateUpdated": "2026-06-23T21:02:37.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40882 (GCVE-0-2026-40882)
Vulnerability from cvelistv5 – Published: 2026-04-22 20:33 – Updated: 2026-04-23 13:47
VLAI
Title
OpenRemote has XXE in Velbus Asset Import
Summary
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixes the issue.
Severity
7.6 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
< 1.22.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40882",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:46:44.026868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:47:07.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openremote",
"vendor": "openremote",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T20:33:23.304Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc"
}
],
"source": {
"advisory": "GHSA-g24f-mgc3-jwwc",
"discovery": "UNKNOWN"
},
"title": "OpenRemote has XXE in Velbus Asset Import"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40882",
"datePublished": "2026-04-22T20:33:23.304Z",
"dateReserved": "2026-04-15T15:57:41.719Z",
"dateUpdated": "2026-04-23T13:47:07.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41166 (GCVE-0-2026-41166)
Vulnerability from cvelistv5 – Published: 2026-04-22 20:31 – Updated: 2026-04-28 03:55
VLAI
Title
OpenRemote has Improper Access Control via updateUserRealmRoles function
Summary
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to the identity provider but does not check that the caller may administer that realm. This could result in a privilege escalation to `master` realm administrator if the attacker controls any user in `master` realm. Version 1.22.1 fixes the issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | x_refsource_CONFIRM |
| https://github.com/openremote/openremote/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
< 1.22.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T03:55:21.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openremote",
"vendor": "openremote",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to the identity provider but does not check that the caller may administer that realm. This could result in a privilege escalation to `master` realm administrator if the attacker controls any user in `master` realm. Version 1.22.1 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T20:31:29.234Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44"
},
{
"name": "https://github.com/openremote/openremote/releases/tag/1.22.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openremote/openremote/releases/tag/1.22.1"
}
],
"source": {
"advisory": "GHSA-49vv-25qx-mg44",
"discovery": "UNKNOWN"
},
"title": "OpenRemote has Improper Access Control via updateUserRealmRoles function"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41166",
"datePublished": "2026-04-22T20:31:29.234Z",
"dateReserved": "2026-04-17T16:34:45.525Z",
"dateUpdated": "2026-04-28T03:55:21.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39842 (GCVE-0-2026-39842)
Vulnerability from cvelistv5 – Published: 2026-04-14 23:21 – Updated: 2026-04-16 13:58
VLAI
Title
OpenRemote is Vulnerable to Expression Injection
Summary
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | x_refsource_CONFIRM |
| https://github.com/openremote/openremote/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
< 1.22.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39842",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T13:58:20.241436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:58:42.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openremote",
"vendor": "openremote",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn\u0027s ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T23:21:22.242Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openremote/openremote/security/advisories/GHSA-7mqr-33rv-p3mp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-7mqr-33rv-p3mp"
},
{
"name": "https://github.com/openremote/openremote/releases/tag/1.22.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openremote/openremote/releases/tag/1.22.0"
}
],
"source": {
"advisory": "GHSA-7mqr-33rv-p3mp",
"discovery": "UNKNOWN"
},
"title": "OpenRemote is Vulnerable to Expression Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39842",
"datePublished": "2026-04-14T23:21:22.242Z",
"dateReserved": "2026-04-07T19:13:20.377Z",
"dateUpdated": "2026-04-16T13:58:42.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-31860 (GCVE-0-2022-31860)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:50 – Updated: 2025-06-12 13:54
VLAI
Summary
An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/ | x_refsource_MISC |
| https://stackoverflow.com/questions/159148/groovy… | x_refsource_MISC |
| https://stackoverflow.com/questions/66069960/groo… | x_refsource_MISC |
| https://securityblog101.blogspot.com/2022/09/cve-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openremote/openremote/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31860",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:54:32.930583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T13:54:37.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:50:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openremote/openremote/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openremote/openremote/",
"refsource": "MISC",
"url": "https://github.com/openremote/openremote/"
},
{
"name": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands",
"refsource": "MISC",
"url": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands"
},
{
"name": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices",
"refsource": "MISC",
"url": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices"
},
{
"name": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html",
"refsource": "MISC",
"url": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31860",
"datePublished": "2022-09-06T17:50:24.000Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2025-06-12T13:54:37.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-41166 (GCVE-0-2026-41166)
Vulnerability from nvd – Published: 2026-04-22 20:31 – Updated: 2026-04-28 03:55
VLAI
Title
OpenRemote has Improper Access Control via updateUserRealmRoles function
Summary
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to the identity provider but does not check that the caller may administer that realm. This could result in a privilege escalation to `master` realm administrator if the attacker controls any user in `master` realm. Version 1.22.1 fixes the issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | x_refsource_CONFIRM |
| https://github.com/openremote/openremote/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
< 1.22.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T03:55:21.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openremote",
"vendor": "openremote",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to the identity provider but does not check that the caller may administer that realm. This could result in a privilege escalation to `master` realm administrator if the attacker controls any user in `master` realm. Version 1.22.1 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T20:31:29.234Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44"
},
{
"name": "https://github.com/openremote/openremote/releases/tag/1.22.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openremote/openremote/releases/tag/1.22.1"
}
],
"source": {
"advisory": "GHSA-49vv-25qx-mg44",
"discovery": "UNKNOWN"
},
"title": "OpenRemote has Improper Access Control via updateUserRealmRoles function"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41166",
"datePublished": "2026-04-22T20:31:29.234Z",
"dateReserved": "2026-04-17T16:34:45.525Z",
"dateUpdated": "2026-04-28T03:55:21.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40882 (GCVE-0-2026-40882)
Vulnerability from nvd – Published: 2026-04-22 20:33 – Updated: 2026-04-23 13:47
VLAI
Title
OpenRemote has XXE in Velbus Asset Import
Summary
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixes the issue.
Severity
7.6 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
< 1.22.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40882",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:46:44.026868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:47:07.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openremote",
"vendor": "openremote",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T20:33:23.304Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc"
}
],
"source": {
"advisory": "GHSA-g24f-mgc3-jwwc",
"discovery": "UNKNOWN"
},
"title": "OpenRemote has XXE in Velbus Asset Import"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40882",
"datePublished": "2026-04-22T20:33:23.304Z",
"dateReserved": "2026-04-15T15:57:41.719Z",
"dateUpdated": "2026-04-23T13:47:07.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39842 (GCVE-0-2026-39842)
Vulnerability from nvd – Published: 2026-04-14 23:21 – Updated: 2026-04-16 13:58
VLAI
Title
OpenRemote is Vulnerable to Expression Injection
Summary
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/security… | x_refsource_CONFIRM |
| https://github.com/openremote/openremote/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openremote | openremote |
Affected:
< 1.22.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39842",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T13:58:20.241436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:58:42.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openremote",
"vendor": "openremote",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn\u0027s ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T23:21:22.242Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openremote/openremote/security/advisories/GHSA-7mqr-33rv-p3mp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openremote/openremote/security/advisories/GHSA-7mqr-33rv-p3mp"
},
{
"name": "https://github.com/openremote/openremote/releases/tag/1.22.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openremote/openremote/releases/tag/1.22.0"
}
],
"source": {
"advisory": "GHSA-7mqr-33rv-p3mp",
"discovery": "UNKNOWN"
},
"title": "OpenRemote is Vulnerable to Expression Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39842",
"datePublished": "2026-04-14T23:21:22.242Z",
"dateReserved": "2026-04-07T19:13:20.377Z",
"dateUpdated": "2026-04-16T13:58:42.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-31860 (GCVE-0-2022-31860)
Vulnerability from nvd – Published: 2022-09-06 17:50 – Updated: 2025-06-12 13:54
VLAI
Summary
An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/openremote/openremote/ | x_refsource_MISC |
| https://stackoverflow.com/questions/159148/groovy… | x_refsource_MISC |
| https://stackoverflow.com/questions/66069960/groo… | x_refsource_MISC |
| https://securityblog101.blogspot.com/2022/09/cve-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openremote/openremote/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31860",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:54:32.930583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T13:54:37.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:50:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openremote/openremote/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openremote/openremote/",
"refsource": "MISC",
"url": "https://github.com/openremote/openremote/"
},
{
"name": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands",
"refsource": "MISC",
"url": "https://stackoverflow.com/questions/159148/groovy-executing-shell-commands"
},
{
"name": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices",
"refsource": "MISC",
"url": "https://stackoverflow.com/questions/66069960/groovy-shell-sandboxing-best-practices"
},
{
"name": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html",
"refsource": "MISC",
"url": "https://securityblog101.blogspot.com/2022/09/cve-2022-31860.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31860",
"datePublished": "2022-09-06T17:50:24.000Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2025-06-12T13:54:37.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}