CVE-2026-42785

HIGH

OpenKM 6.3.12 Remote Code Execution via Administrative Scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-42785. PoCs published by skumar.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in OpenKM, including LFI, RCE, and SQLi. It leverages the admin scripting interface to execute arbitrary commands and read files, and exploits unrestricted SQL queries to dump user credentials.

Description

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system commands in the context of the OpenKM application server.

Exploits (1)

exploitdb WORKING POC

by skumar · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52520

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in OpenKM, including LFI, RCE, and SQLi. It leverages the admin scripting interface to execute arbitrary commands and read files, and exploits unrestricted SQL queries to dump user credentials.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: OpenKM Community Edition 6.3.12 and OpenKM Pro Edition 7.1.47 and previous versions

Auth required

Prerequisites: valid credentials (default or provided) · access to admin interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 26, 2026 Full analysis →

References (7)

Core 7

Core References

Exploit exploit

ExploitDB-52520

https://www.exploit-db.com/exploits/52520

Product product

Official Product Homepage

https://www.openkm.com/

Product product

Product Reference

https://hub.docker.com/r/openkm/openkm-ce

Vendor Advisory vendor-advisory

Vulnerability Advisory

https://terrasystemlabs.com/post?slug=openkm-zero-day-vulnerabilities-terra-system-labs

Product product

Proof-of-Concept Toolkit

https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits

Product product

Nuclei Detection Template

https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits/nuclei-templates/openkm-remote-code-execution

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenKM 6.3.12 Remote Code Execution via Administrative Scripting

https://www.vulncheck.com/advisories/openkm-remote-code-execution-via-administrative-scripting

Scores

CVSS v3 7.2

EPSS 0.0068

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (2)

Openkm/OpenKM Community Edition < 6.3.12

Openkm/OpenKM Professional Edition < 7.1.47

Published May 26, 2026

Tracked Since May 26, 2026