Command Injection Vulnerability in Apache Continuum by Apache
CVE-2016-15057

9.9CRITICAL

Key Information:

Vendor: Apache
Status: Apache Continuum
Vendor: CVE Published:; 26 January 2026

What is CVE-2016-15057?

An improper neutralization of special elements used in a command vulnerability has been identified in Apache Continuum. Attackers with access to the REST API can potentially execute arbitrary commands on the server. Since Apache Continuum is a retired project, no fixes will be released for this vulnerability, making it critical for users to either seek alternative solutions or strictly limit access to their installations to trusted parties only.

Affected Version(s)

Apache Continuum 0

References

https://lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mm...

vendor-advisory

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2026
Vulnerability Reserved
Jan 23, 2026

CVE-2016-15057 Data

JSON