πŸ” CVE Alert

CVE-2026-34906

UNKNOWN 0.0

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell. This issue affects Wirtualna Uczelnia versions up toΒ wu#2016.437.295#0#20260327_105545

CWE CWE-1336
Vendor simple sa
Product wirtualna uczelnia
Published Jun 2, 2026
Last Updated Jun 2, 2026
Stay Ahead of the Next One

Get instant alerts for simple sa wirtualna uczelnia

Be the first to know when new unknown vulnerabilities affecting simple sa wirtualna uczelnia are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Simple SA / Wirtualna Uczelnia
0 ≀ wu#2016.437.295#0#20260327_105545

References

NVD β†— CVE.org β†— EPSS Data β†—
cert.pl: https://cert.pl/posts/2026/06/CVE-2026-34906 simple.com.pl: https://simple.com.pl/branze/edukacyjna/

Credits

Dawid Bakaj - VIPentest