What is CVE-2026-42555?

CVE-2026-42555 is a critical-severity vulnerability in Com.ritense.valtimo Case, classified under Code Injection. CVSS score: 9.1/10. Published 2026-05-14.

How severe is CVE-2026-42555?

Critical severity. CVSS v3 base score is 9.1 out of 10.

RCE in Com.ritense.valtimo Case

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.2…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (54.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Com.ritense.valtimo Case — versions >= 13.0.0, < 13.23.0
Com.ritense.valtimo Contract — versions >= 13.4.0, < 13.23.0
Com.ritense.valtimo Document — versions >= 12.0.0, < 12.32.0
Valtimo-platform Valtimo — versions < 13.23.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-42555?: CVE-2026-42555 is a critical-severity vulnerability in Com.ritense.valtimo Case, classified under Code Injection. CVSS score: 9.1/10. Published 2026-05-14.
How severe is CVE-2026-42555?: Critical severity. CVSS v3 base score is 9.1 out of 10.