GHSA-X9F9-R4M8-9XC2
Vulnerability from github – Published: 2026-07-16 20:15 – Updated: 2026-07-16 20:15ScriptTriggerExecutor sets allowedPackages to java.lang., java.util., java.time., java.math. (ScriptTriggerExecutor.java:56); trigger creation is gated only at UPDATE_SCHEMA (LocalSchema.createTrigger:636). Permitting java.lang.* host-class lookup lets a trigger script do Java.type("java.lang.Runtime").getRuntime().exec(...) (or ProcessBuilder). The reflection denylist does not block Java.type host lookups, and allowCreateProcess(false) only restricts GraalVM's guest process API, not a host Runtime.exec reached through HostAccess.ALL.
Exploit: a user with UPDATE_SCHEMA (schema admin, strictly less than security admin) runs CREATE TRIGGER ... EXECUTE JAVASCRIPT '' and obtains OS RCE when the trigger fires.
Fix: remove java.lang.* (and narrow the rest) from the trigger allow-list; if host interop is needed, expose an explicit @HostAccess.Export API surface instead of whole packages; consider gating trigger creation at UPDATE_SECURITY. Prefer an allow-list (HostAccess.EXPLICIT) over the current denylist-over-HostAccess.ALL.
Related medium/low items to fold into the fix: IMPORT DATABASE SSRF via unfollowed-redirect re-validation (SourceDiscovery.java:113), BACKUP/EXPORT DATABASE missing authorization (BackupDatabaseStatement.java:56, ExportDatabaseStatement.java:52), chunked-transfer body-size DoS bypass (HttpServer.java:301,318-333), and no brute-force lockout on password auth (ServerSecurity.java:189-205).
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.arcadedb:arcadedb-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-16T20:15:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "ScriptTriggerExecutor sets allowedPackages to java.lang.*, java.util.*, java.time.*, java.math.* (ScriptTriggerExecutor.java:56); trigger creation is gated only at UPDATE_SCHEMA (LocalSchema.createTrigger:636). Permitting java.lang.* host-class lookup lets a trigger script do Java.type(\"java.lang.Runtime\").getRuntime().exec(...) (or ProcessBuilder). The reflection denylist does not block Java.type host lookups, and allowCreateProcess(false) only restricts GraalVM\u0027s guest process API, not a host Runtime.exec reached through HostAccess.ALL.\n\nExploit: a user with UPDATE_SCHEMA (schema admin, strictly less than security admin) runs CREATE TRIGGER ... EXECUTE JAVASCRIPT \u0027\u003cruntime.exec\u003e\u0027 and obtains OS RCE when the trigger fires.\n\nFix: remove java.lang.* (and narrow the rest) from the trigger allow-list; if host interop is needed, expose an explicit @HostAccess.Export API surface instead of whole packages; consider gating trigger creation at UPDATE_SECURITY. Prefer an allow-list (HostAccess.EXPLICIT) over the current denylist-over-HostAccess.ALL.\n\nRelated medium/low items to fold into the fix: IMPORT DATABASE SSRF via unfollowed-redirect re-validation (SourceDiscovery.java:113), BACKUP/EXPORT DATABASE missing authorization (BackupDatabaseStatement.java:56, ExportDatabaseStatement.java:52), chunked-transfer body-size DoS bypass (HttpServer.java:301,318-333), and no brute-force lockout on password auth (ServerSecurity.java:189-205).",
"id": "GHSA-x9f9-r4m8-9xc2",
"modified": "2026-07-16T20:15:36Z",
"published": "2026-07-16T20:15:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ArcadeData/arcadedb/security/advisories/GHSA-x9f9-r4m8-9xc2"
},
{
"type": "PACKAGE",
"url": "https://github.com/ArcadeData/arcadedb"
},
{
"type": "WEB",
"url": "https://github.com/ArcadeData/arcadedb/releases/tag/26.7.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "ArcadeDB: Trigger scripts run with java.lang.* allowed, enabling OS command execution (RCE)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.