CVE-2025-59059

CRITICAL 9.8

Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

CWE	CWE-94
Vendor	apache software foundation
Product	apache ranger
Published	Mar 3, 2026
Last Updated	Mar 3, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache ranger

Be the first to know when new critical vulnerabilities affecting apache software foundation apache ranger are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Ranger

0 ≤ 2.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/z47q86rho80390lf2qcmoc2josvs0gtv openwall.com: http://www.openwall.com/lists/oss-security/2026/03/02/5

Credits

chengtianyi <[email protected]>