CVE-2023-54342: Eclipse Equinox OSGi Versions 3.8-3.18: Unauthenticated Remote Code Execution
CVE-2023-54342
Summary
The Eclipse Equinox OSGi console interface has a security flaw that allows attackers to execute malicious code on your system without authenticating. Exploitation requires that the attacker can connect to your system's console interface. To fix this, update to a newer version of Eclipse Equinox OSGi, or disable the console interface if it is not needed.
Original title
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting t...
Original description
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
NVD CVSS 3.1
9.8
NVD CVSS 4.0
9.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 5 May 2026 · Updated: 28 May 2026 · First seen: 5 May 2026