PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8211 Bv3acdnplbr CVE debrief

CVE-2026-8211 is a code-injection issue reported in codelibs Fess up to 15.5.1. The source describes an affected update function in the admin design/JSP file handler path, where manipulating the content argument can lead to code injection from a remote attacker with the required privileges. The supplied record also says a public exploit exists and that the vendor did not respond to early disclosure outreach.

Vendor: Bv3acdnplbr
Product: Unknown
CVSS: LOW (2)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-09
Original CVE updated: 2026-05-09
Advisory published: 2026-05-09
Advisory updated: 2026-05-09

Who should care

Administrators and security teams running codelibs Fess up to 15.5.1, especially deployments that expose the admin design or JSP file handling features to privileged users.

Technical summary

The reported weakness affects org/codelibs/fess/app/web/admin/design/AdminDesignAction.java in the JSP File Handler component. According to the source, the update flow accepts a content argument that can be manipulated to trigger code injection. The supplied CVSS v4 vector indicates network reachability, no user interaction, and high privileges required, which suggests the issue is most relevant to authenticated admin-level access paths rather than unauthenticated traffic.

Defensive priority

Medium

Recommended defensive actions

  • Review whether any Fess instances are running version 15.5.1 or earlier and prioritize remediation.
  • Restrict access to the admin design and JSP file handling features to only trusted administrative accounts and networks.
  • Apply a vendor patch or upgrade to a fixed release as soon as one is available.
  • Audit recent admin design changes and file content updates for unexpected or unauthorized modifications.
  • Inspect logs for unusual requests to the AdminDesignAction update path and any signs of code execution following content changes.
  • If abuse is suspected, rotate credentials for privileged accounts and review the host for webshells or other persistence artifacts.

Evidence notes

This debrief is based on the supplied NVD-modified record and the references embedded there. The source description states that codelibs Fess up to 15.5.1 is affected, that the vulnerable path is org/codelibs/fess/app/web/admin/design/AdminDesignAction.java in the JSP File Handler, that manipulating the content argument can result in code injection, and that a public exploit exists. The supplied CVSS v4 vector shows AV:N/PR:H/UI:N with low impacts to confidentiality, integrity, and availability. The vendor mapping in the source metadata is low-confidence and should be treated cautiously; the product assessment here follows the vulnerability description rather than the vendor slug.

Official resources

Published 2026-05-09 UTC. The supplied source says the vendor was contacted early and did not respond; no KEV entry is present in the provided timeline.