CVE-2025-14340

N/A Unknown
Published: February 18, 2026 Modified: February 18, 2026
View on NVD

Description

Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html
Source: 769c9ae7-73c3-4e47-ae19-903170fc3eb8

1 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
19th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2026-4779 6.3
CVE-2026-4778 6.3
CVE-2026-4777 6.3
CVE-2026-4433 N/A
CVE-2026-4371 N/A