CVE-2026-34906
Server-Side Template Injection in Wirtualna Uczelnia Leads to RCE
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: CERT.PL
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wirtualna_uczelnia | wirtualna_uczelnia | up to and including wu#2016.437.295#0#20260327_105545 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Template Injection (SSTI) in Wirtualna Uczelnia. It allows an unauthenticated attacker to achieve Remote Code Execution (RCE) by injecting arbitrary template expressions into the redirectUrlParameter parameter of the redirectToUrl endpoint. The injected expressions are evaluated by the template engine on the server, so the attacker can run arbitrary commands, including establishing a reverse shell.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an unauthenticated attacker to perform Remote Code Execution on the affected system, potentially leading to unauthorized access to sensitive data or system control.
Such unauthorized access and potential data breaches could negatively impact compliance with data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive information against unauthorized access.
However, the provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with specific standards or regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Server-Side Template Injection (SSTI) in the redirectToUrl endpoint and the redirectUrlParameter of Wirtualna Uczelnia. Detection typically involves testing these parameters for injection of template expressions that execute on the server.
You can attempt to detect the vulnerability by sending crafted HTTP requests to the redirectToUrl endpoint with payloads designed to trigger template evaluation. For example, send a value containing template syntax such as {{7*7}} in redirectUrlParameter and observe whether the server's response or behavior changes.
Commands using curl to test might look like this:
```shell
curl -v "http://target/wirtualna_uczelnia/redirectToUrl?redirectUrlParameter={{7*7}}"
curl -v "http://target/wirtualna_uczelnia/redirectToUrl?redirectUrlParameter={{config.items}}"
```
If the server response contains the evaluated result of the template expression (e.g., 49 for {{7*7}}), it indicates the presence of an SSTI vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Restrict or disable the vulnerable redirectToUrl endpoint or the redirectUrlParameter until a patch or fix is applied.
- Implement strict input validation and sanitization on the redirectUrlParameter to prevent injection of template expressions.
- Apply any available security patches or updates from the vendor that address this SSTI vulnerability.
- Monitor logs and network traffic for suspicious requests targeting the redirectToUrl endpoint.
Since the vulnerability allows unauthenticated remote code execution, immediate action to block or filter malicious inputs is critical to prevent exploitation.
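The input-validation and log-monitoring steps above, as an added Python example (not code from the advisory or from the vendor; the allowed host, the log format and the sample log lines are constructed assumptions):

```python
# Added example, not from the advisory or the vendor: two defender-side checks
# for the redirectToUrl endpoint and its redirectUrlParameter. The allowed host,
# the access-log format and the log lines below are constructed assumptions.
import re
from urllib.parse import parse_qs, unquote, urlparse

# Hosts a redirect may legitimately point to (assumed value).
ALLOWED_HOSTS = {"wu.example.edu"}
# Delimiters used by common template engines; a redirect URL never needs them.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\}\}|\{%|\$\{|#\{|<%|%>")
# Minimal access-log pattern: only the request line is needed here.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not real traffic
    '10.0.0.5 - - [02/Jun/2026:10:00:01 +0000] "GET /wirtualna_uczelnia/redirectToUrl?redirectUrlParameter=/student/home HTTP/1.1" 302 0',
    '10.0.0.9 - - [02/Jun/2026:10:00:02 +0000] "GET /wirtualna_uczelnia/redirectToUrl?redirectUrlParameter={{7*7}} HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Jun/2026:10:00:03 +0000] "GET /wirtualna_uczelnia/redirectToUrl?redirectUrlParameter=%257B%257B7*7%257D%257D HTTP/1.1" 200 512',
    '10.0.0.7 - - [02/Jun/2026:10:00:04 +0000] "GET /wirtualna_uczelnia/login?next=%7B%7B1%7D%7D HTTP/1.1" 200 2048',
]


def is_safe_redirect_target(value: str) -> bool:
    """Strict validation for redirectUrlParameter: refuse anything that looks
    like a template expression, then allow only same-site targets."""
    decoded = unquote(unquote(value))  # also catches double-encoded payloads
    if TEMPLATE_SYNTAX.search(decoded):
        return False
    parsed = urlparse(decoded)
    if not parsed.scheme and not parsed.netloc:
        # relative path: must start with a single "/" ("//host" is scheme-relative)
        return decoded.startswith("/") and not decoded.startswith("//")
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_HOSTS


def flag_suspicious_requests(log_lines):
    """Return request targets that hit redirectToUrl with template syntax in
    redirectUrlParameter, whether raw, URL-encoded or double-encoded."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if not url.path.lower().endswith("/redirecttourl"):
            continue  # other endpoints are out of scope for this CVE
        params = parse_qs(url.query).get("redirectUrlParameter", [])
        if any(TEMPLATE_SYNTAX.search(unquote(p)) for p in params):
            hits.append(m.group("target"))
    return hits
```

Run over SAMPLE_LOG, only the two redirectToUrl requests carrying template delimiters are flagged; the login request with braces in a different parameter is ignored.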
How can this vulnerability impact me?
The impact of this vulnerability is severe as it allows an attacker to execute arbitrary code on the server without authentication. This can lead to full system compromise, unauthorized access to sensitive data, disruption of services, and the attacker gaining control over the affected system, including the ability to establish a reverse shell.