Cross-Site Scripting Vulnerability in Apache Oozie Affects Users
CVE-2025-26796

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Oozie
Vendor: CVE Published:; 22 March 2025

What is CVE-2025-26796?

Apache Oozie is prone to a Cross-site Scripting vulnerability, which arises from improper input neutralization during web page generation. This vulnerability affects all versions of Apache Oozie. As the project is no longer actively maintained, no fixes or updates will be provided. Users are urged to seek alternative solutions or limit access to affected instances to trusted users only, to mitigate potential exploitation risks.

Affected Version(s)

Apache Oozie 0

References

https://lists.apache.org/thread/fzrmsslnrpl0vpp0jr73fosmf...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

Nikhil Daf