CVE-2025-59059

CVE-2025-59059: Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

Vendor Apache Software Foundation

Product Apache Ranger

Weakness CWE-94 · Code injection

Published March 3, 2026

Last update March 3, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Key dates

Disclosure timeline

March 3, 2026 CVE published

March 3, 2026 Record updated