9.9
Eclipse Equinox OSGi versions 3.8 to 3.18 allow remote code execution
UBUNTU-CVE-2023-54342
Summary
Versions 3.8 to 3.18 of Eclipse Equinox OSGi are vulnerable to a remote code execution attack. This means an attacker could potentially run malicious code on your system without your permission. To protect yourself, update to a fixed version of Eclipse Equinox OSGi or consider replacing it with a different solution.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Ubuntu:24.04:LTS | canonical | eclipse-equinox | All versions |
| Ubuntu:25.10 | canonical | eclipse-equinox | All versions |
| Ubuntu:26.04 | canonical | eclipse-equinox | All versions |
Original title
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting t...
Original description
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
OSV CVSS 3.1: 9.8
OSV CVSS 4.0: 9.9
- https://ubuntu.com/security/CVE-2023-54342 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2023-54342 Third Party Advisory
Published: 5 May 2026 · Updated: 14 May 2026 · First seen: 7 May 2026