[opencms-dev] Security update for OpenCms
Michael Emmerich
m.emmerich at alkacon.com
Wed Apr 22 14:05:19 CEST 2026
Dear OpenCms Users,
we have been informed by a security service provider about a potential
security vulnerability in OpenCms.
Due to this vulnerability, it was theoretically possible for
unauthenticated users to inject code into the system.
This issue has been resolved in OpenCms 21.
For older versions (OpenCms 11 and newer), we have provided a
corresponding security patch. Versions older than that are not affected
by this issue.
You can download the fix here:
https://files.alkacon.com/patches/rce_patch_20260331.zip
Please extract the ZIP file and copy the included WEB-INF directory into
the OpenCms web application, e.g. to “/webapps/ROOT/”.
Restart your servlet container after applying the path.
Best regards,
Michael
--
Michael Emmerich
Alkacon Software GmbH & Co. KG - The OpenCms Experts
http://www.alkacon.com - http://www.opencms.org
Amtsgericht Köln, HRA 32185, USt-IdNr.: DE259882372
Vertreten durch: Alkacon Verwaltungs GmbH
Geschäftsführer: Alexander Kandzior, Amtsgericht Köln, HRB 88218
More information about the opencms-dev
mailing list