CVE-2025-26074
Published
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
Conductor is an event driven agentic workflow engine providing durable and highly resilient execution engine for applications and AI Agents
GitHub