9.9
Eclipse Equinox OSGi Remote Code Execution Vulnerability
UBUNTU-CVE-2023-54344
Summary
Eclipse Equinox OSGi may allow unauthenticated attackers who can reach its console interface to execute arbitrary commands on your server. This is a serious issue because it can lead to unauthorized access and data breaches. Update Eclipse Equinox OSGi to the latest version to fix this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Ubuntu:24.04:LTS | canonical | eclipse-equinox | All versions |
| Ubuntu:25.10 | canonical | eclipse-equinox | All versions |
| Ubuntu:26.04 | canonical | eclipse-equinox | All versions |
Original title
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interfac...
Original description
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.
osv CVSS3.1
9.8
osv CVSS4.0
9.9
- https://ubuntu.com/security/CVE-2023-54344 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2023-54344 Third Party Advisory
Published: 5 May 2026 · Updated: 14 May 2026 · First seen: 7 May 2026