Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
JBoss Enterprise Application Platform 8.0.12 Security Update: Remote Code Execution Risk
RHSA-2026:3891
Summary
A security update is available for JBoss Enterprise Application Platform 8.0.12 to fix a vulnerability that could allow an attacker to execute malicious code remotely, potentially compromising your server. Affected systems should be updated as soon as possible to prevent potential attacks. Update your JBoss Enterprise Application Platform to the latest version to ensure you have the latest security patches.
What to do
- Update redhat eap8-bouncycastle to version 0:1.83.0-1.redhat_00001.1.el9eap.
- Update redhat eap8-bouncycastle-jmail to version 0:1.83.0-1.redhat_00001.1.el9eap.
- Update redhat eap8-bouncycastle-pg to version 0:1.83.0-1.redhat_00001.1.el9eap.
- Update redhat eap8-bouncycastle-pkix to version 0:1.83.0-1.redhat_00001.1.el9eap.
- Update redhat eap8-bouncycastle-prov to version 0:1.83.0-1.redhat_00001.1.el9eap.
- Update redhat eap8-bouncycastle-util to version 0:1.83.0-1.redhat_00001.1.el9eap.
- Update redhat eap8-codemodel to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-guava to version 0:33.0.0-2.jre_redhat_00003.1.el9eap.
- Update redhat eap8-guava-libraries to version 0:33.0.0-2.jre_redhat_00003.1.el9eap.
- Update redhat eap8-jaxb to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-jaxb-core to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-jaxb-jxc to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-jaxb-runtime to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-jaxb-xjc to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-jcip-annotations to version 0:1.0.0-3.redhat_00009.1.el9eap.
- Update redhat eap8-relaxng-datatype to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-rngom to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-slf4j-jboss-logmanager to version 0:2.0.2-1.Final_redhat_00001.1.el9eap.
- Update redhat eap8-txw2 to version 0:4.0.6-1.redhat_00001.1.el9eap.
- Update redhat eap8-undertow to version 0:2.3.23-1.SP3_redhat_00001.1.el9eap.
- Update redhat eap8-xsom to version 0:4.0.6-1.redhat_00001.1.el9eap.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | eap8-bouncycastle | <= 0:1.83.0-1.redhat_00001.1.el9eap | 0:1.83.0-1.redhat_00001.1.el9eap |
| redhat | eap8-bouncycastle-jmail | <= 0:1.83.0-1.redhat_00001.1.el9eap | 0:1.83.0-1.redhat_00001.1.el9eap |
| redhat | eap8-bouncycastle-pg | <= 0:1.83.0-1.redhat_00001.1.el9eap | 0:1.83.0-1.redhat_00001.1.el9eap |
| redhat | eap8-bouncycastle-pkix | <= 0:1.83.0-1.redhat_00001.1.el9eap | 0:1.83.0-1.redhat_00001.1.el9eap |
| redhat | eap8-bouncycastle-prov | <= 0:1.83.0-1.redhat_00001.1.el9eap | 0:1.83.0-1.redhat_00001.1.el9eap |
| redhat | eap8-bouncycastle-util | <= 0:1.83.0-1.redhat_00001.1.el9eap | 0:1.83.0-1.redhat_00001.1.el9eap |
| redhat | eap8-codemodel | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-guava | <= 0:33.0.0-2.jre_redhat_00003.1.el9eap | 0:33.0.0-2.jre_redhat_00003.1.el9eap |
| redhat | eap8-guava-libraries | <= 0:33.0.0-2.jre_redhat_00003.1.el9eap | 0:33.0.0-2.jre_redhat_00003.1.el9eap |
| redhat | eap8-jaxb | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-jaxb-core | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-jaxb-jxc | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-jaxb-runtime | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-jaxb-xjc | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-jcip-annotations | <= 0:1.0.0-3.redhat_00009.1.el9eap | 0:1.0.0-3.redhat_00009.1.el9eap |
| redhat | eap8-relaxng-datatype | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-rngom | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-slf4j-jboss-logmanager | <= 0:2.0.2-1.Final_redhat_00001.1.el9eap | 0:2.0.2-1.Final_redhat_00001.1.el9eap |
| redhat | eap8-txw2 | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
| redhat | eap8-undertow | <= 0:2.3.23-1.SP3_redhat_00001.1.el9eap | 0:2.3.23-1.SP3_redhat_00001.1.el9eap |
| redhat | eap8-xsom | <= 0:4.0.6-1.redhat_00001.1.el9eap | 0:4.0.6-1.redhat_00001.1.el9eap |
Original title
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.12 security update
osv CVSS3.1
9.6
- https://access.redhat.com/errata/RHSA-2026:3891 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_pl... Third Party Advisory
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_pl... Third Party Advisory
- https://access.redhat.com/articles/7120566 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2275287 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2392306 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2408784 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31073 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31251 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31325 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31343 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31358 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31397 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31420 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31438 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31446 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31453 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31566 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31579 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31596 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31679 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31708 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31712 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3891.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2024-3884 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2024-3884 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-3884 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-9784 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-9784 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-9784 Vendor Advisory
- https://github.com/undertow-io/undertow/pull/1778 Third Party Advisory
- https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final Third Party Advisory
- https://issues.redhat.com/browse/UNDERTOW-2598 Third Party Advisory
- https://kb.cert.org/vuls/id/767506 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-12543 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-12543 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-12543 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026