CVE-2026-34906 in Wirtualna Uczelniaالمعلومات

الملخص

بحسب MITRE • 02/06/2026

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell.

This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

CERT-PL

حجز

31/03/2026

إفشاء

02/06/2026

الاعتدال

تمت الموافقة

إدخال

VDB-367905

CPE

جاهز

CWE

CWE-1336 (مؤكد)

CVSS

7.3 (VulDB)

EPSS

0.00289

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34906
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34906
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34906/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!