CRITICAL
intranda
CVE published 2026-05-27
CVE-2026-45083
The Goobi viewer, a web application for displaying digitized material, contains a critical unauthenticated remote code execution vulnerability in versions 4.8.0 through 26.04.0. The REST endpoint POST /api/v1/index/stream accepts arbitrary Solr streaming expressions from unauthenticated network clients and forwards them directly to the backend Solr server without validation or restriction. This allows att [truncated]
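A log-review check for the endpoint named above, as an added example that is not part of the advisory or the Goobi viewer project: it flags POST requests to /api/v1/index/stream in reverse-proxy access logs and counts them per client. The combined log format, the /viewer context path and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Endpoint named in the advisory. A deployment may serve it under a context
# path (assumption), so the check matches on the path suffix.
ENDPOINT = "/api/v1/index/stream"

# Combined log format (assumed layout of the reverse-proxy access log).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_stream_posts(lines):
    """Return one record per POST request to the streaming endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # malformed line or a different method
        # Drop the query string and any trailing slash before comparing.
        path = urlsplit(m["target"]).path.rstrip("/")
        if not path.lower().endswith(ENDPOINT):
            continue
        hits.append({"ip": m["ip"], "time": m["ts"], "path": path,
                     "status": int(m["status"]),
                     "accepted": m["status"].startswith("2")})
    return hits

def summarize(hits):
    """Count all hits and 2xx (accepted) hits per client address."""
    per_ip = defaultdict(lambda: {"total": 0, "accepted": 0})
    for h in hits:
        per_ip[h["ip"]]["total"] += 1
        per_ip[h["ip"]]["accepted"] += int(h["accepted"])
    return dict(per_ip)

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [28/May/2026:10:01:02 +0000] "POST /viewer/api/v1/index/stream HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [28/May/2026:10:01:09 +0000] "POST /viewer/api/v1/index/stream/?x=1 HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.4 - - [28/May/2026:10:02:00 +0000] "GET /viewer/api/v1/index/stream HTTP/1.1" 405 0 "-" "-"',
    '198.51.100.4 - - [28/May/2026:10:03:00 +0000] "POST /viewer/search HTTP/1.1" 200 90 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    print(summarize(find_stream_posts(SAMPLE)))
```

Hits with a 2xx status are the ones to review first, since the server accepted the request; a match alone shows only that the endpoint was reached.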