Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2023-54342 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2023 |
| Date Published | 2026-05-05 |
| Vendor | Eclipse Foundation |
| Product | Equinox OSGi |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
Required Actions
Apply vendor patches or mitigations as soon as available.
Who Is Affected?
This vulnerability affects Equinox OSGi by Eclipse Foundation. Check if your organization uses this software and requires updates.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
