CWE-917 · Improper Neutralization of Special Elements used in an Expression Language Statement (Expression Language Injection)
38 CVEs classified under CWE-917 (Improper Neutralization of Special Elements used in an Expression Language Statement (Expression Language Injection)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-39842 | Critical | 10.0 | 2026-04-14 | OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that all… |
| CVE-2025-41243 | Critical | 10.0 | 2025-09-16 | Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the… |
| CVE-2026-42811 | Critical | 9.9 | 2026-05-04 | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can… |
| CVE-2026-22738 | Critical | 9.8 | 2026-03-27 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could… |
| CVE-2023-51593 | Critical | 9.8 | 2024-05-03 | Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrar… |
| CVE-2023-41331 | Critical | 9.8 | 2023-09-12 | SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achi… |
| CVE-2026-2587 | Critical | 9.6 | 2026-05-19 | A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The a… |
| CVE-2022-23463 | Critical | 9.4 | 2022-09-24 | Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is e… |
| CVE-2026-2586 | Critical | 9.1 | 2026-05-19 | An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send craft… |
| CVE-2026-40478 | Critical | 9.1 | 2026-04-17 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability i… |
| CVE-2026-40477 | Critical | 9.1 | 2026-04-17 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability i… |
| CVE-2026-41901 | Critical | 9.0 | 2026-05-12 | Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expr… |
| CVE-2024-51466 | Critical | 9.0 | 2024-12-20 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote atta… |
| CVE-2023-42658 | High | 8.8 | 2023-10-31 | Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allows local command execution via maliciously crafted profile. |
| CVE-2026-41705 | High | 8.6 | 2026-05-09 | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affecte… |
| CVE-2024-5828 | High | 8.6 | 2024-08-06 | Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manage… |
| CVE-2026-41883 | High | 8.1 | 2026-05-08 | OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Co… |
| CVE-2022-45855 | High | 8.0 | 2023-07-12 | SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. User… |
| CVE-2022-42009 | High | 8.0 | 2023-07-12 | SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users… |
| CVE-2026-28201 | High | 7.8 | 2026-05-07 | An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimat… |