RHSA-2026%3A6012 — Vulnetix

RHSA-2026%3A6012 PUBLISHED CVSS 7.5 HIGH

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
	Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server
	eap7

Exploit Intelligence

Hibernate ORM Second-Order SQL Injection (github-poc-repo)
Hibernate ORM Second-Order SQL Injection (github-poc-repo)
Hibernate ORM Second-Order SQL Injection (github-poc)
Hibernate ORM Second-Order SQL Injection (github-poc)
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index (circl)
https://bugzilla.redhat.com/show_bug.cgi?id=2275287 (circl)
https://bugzilla.redhat.com/show_bug.cgi?id=2387221 (circl)
https://bugzilla.redhat.com/show_bug.cgi?id=2427147 (circl)
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6012.json (circl)
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/7.1.0_release_notes/index (circl)

…and 5 more exploits

Timeline

Mar 30, 2026 CVE Published
Apr 1, 2026 CVE Updated
Apr 2, 2026 Distribution Patch
Apr 2, 2026 Distribution Patch
Apr 2, 2026 Security Advisory
May 1, 2026 Security Advisory
May 1, 2026 Security Advisory
May 1, 2026 Security Advisory

References

Open in Interactive Console →