CVE-2026-34906
Deferred - Pending Action
Server-Side Template Injection in Wirtualna Uczelnia Leads to RCE

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: CERT.PL

Description
Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell. This issue affects Wirtualna Uczelnia versions up to and including wu#2016.437.295#0#20260327_105545.
Meta Information
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS evaluated: 2026-06-21
External references: NVD, EUVD
Affected Vendors & Products
One associated CPE:
Vendor: wirtualna_uczelnia
Product: wirtualna_uczelnia
Version range: up to and including wu#2016.437.295#0#20260327_105545
CWE
CWE-1336: The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Executive Summary

This vulnerability is a Server-Side Template Injection (SSTI) in Wirtualna Uczelnia. An unauthenticated attacker can inject arbitrary template expressions via the redirectUrlParameter parameter of the redirectToUrl endpoint; the expressions are evaluated by the server-side template engine, which turns the injection into Remote Code Execution (RCE), including the ability to establish a reverse shell.

Impact Analysis

The impact is severe: code runs on the application server with the privileges of the web application, with no credentials required. That is sufficient for full compromise of the host, access to every record the application can read, tampering with or disruption of the service, and an attacker-controlled foothold (the advisory explicitly names a reverse shell) from which the rest of the network can be reached.

Compliance Impact

Unauthenticated remote code execution gives an attacker whatever the application server can reach, which for a university portal ("Wirtualna Uczelnia" translates as "Virtual University") means personal data of students and staff.

For an EU institution a breach of that data is a reportable personal-data incident under GDPR; the HIPAA reference that generic RCE write-ups often attach is unlikely to apply to a Polish university platform.

The advisory itself does not discuss compliance with any specific standard or regulation, so the above is an inference from the product's purpose, not a statement from the source.

Detection Guidance

The vulnerable input is the redirectUrlParameter parameter of the redirectToUrl endpoint. The advisory does not name the template engine, so test with an arithmetic probe in more than one delimiter style ({{7*7}}, ${7*7}, #{7*7}, <%= 7*7 %>) rather than only the Jinja2-style one, and only against systems you are authorised to test: the payload that proves SSTI here is one step short of RCE.

Send the probe as a percent-encoded query value and inspect the first response without following the redirect. Because the endpoint redirects, the evaluated value may appear in the Location header rather than in the body. Curl's URL globbing treats { and } specially, so let --data-urlencode do the encoding instead of pasting braces into the URL. The /wirtualna_uczelnia/ path below is an assumed deployment path, not one given in the advisory:

  • curl -sS -i -G --data-urlencode 'redirectUrlParameter={{7*7}}' 'http://target/wirtualna_uczelnia/redirectToUrl'
  • curl -sS -i -G --data-urlencode 'redirectUrlParameter=${7*7}' 'http://target/wirtualna_uczelnia/redirectToUrl'

If the response (headers or body) contains the evaluated result (49) and not the literal expression, the parameter is being rendered as template source and the host should be treated as vulnerable. An echo of the literal {{7*7}} is a negative result for that syntax only; try the other delimiter styles before concluding the instance is patched.
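The probing described above, written out as a small script. This is an added example and not code from the page, from CERT.PL, or from the Wirtualna Uczelnia vendor; it assumes the /wirtualna_uczelnia/redirectToUrl path from the curl examples and uses two constructed stand-in "hosts" so the logic runs offline. It goes a little beyond the curl lines: it tries four delimiter styles, percent-encodes the payload properly, checks the Location header as well as the body, and treats an echoed literal expression as a negative result.

```python
import re
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Arithmetic probes in the delimiter styles common template engines use. The
# advisory does not name the engine behind Wirtualna Uczelnia, so every style
# is tried. 1337*1337 is used instead of 7*7 because "49" is a common
# substring in ordinary pages and "1787569" is not.
LITERAL = "1337*1337"
EXPECTED = str(1337 * 1337)  # "1787569"
PROBES = {
    "jinja2-style": "{{" + LITERAL + "}}",   # Jinja2, Twig, Nunjucks, Pebble
    "el-style": "${" + LITERAL + "}",        # FreeMarker, Velocity, Java EL
    "ruby-style": "#{" + LITERAL + "}",      # Ruby interpolation, Thymeleaf preprocessing
    "erb-style": "<%= " + LITERAL + " %>",   # ERB, EJS, JSP scriptlets
}


def build_probe_url(base_url, param, payload):
    """GET URL for one probe; urlencode percent-encodes the braces and '*'."""
    return f"{base_url}?{urlencode({param: payload})}"


def header(headers, name):
    """Case-insensitive header lookup on a plain dict of response headers."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def payload_was_evaluated(body, location=""):
    """True when the server returned the product of the expression rather than
    echoing the expression. The Location header is checked as well as the body
    because the affected endpoint issues a redirect."""
    haystack = unquote(f"{body}\n{location}")
    return EXPECTED in haystack and LITERAL not in haystack


def probe(base_url, param, fetch):
    """Send every probe through fetch(url) -> (status, headers, body) and
    report, per delimiter style, whether it was evaluated server-side."""
    findings = {}
    for style, payload in PROBES.items():
        _status, headers, body = fetch(build_probe_url(base_url, param, payload))
        findings[style] = payload_was_evaluated(body, header(headers, "Location"))
    return findings


def live_fetch(url, timeout=10):
    """Real transport for an authorised test. It does not follow the redirect,
    so the Location header of the first response is what gets inspected."""
    import urllib.error
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # makes urllib raise HTTPError for 3xx instead of following

    try:
        with urllib.request.build_opener(NoRedirect).open(url, timeout=timeout) as r:
            return r.status, dict(r.headers), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 3xx and 5xx both land here
        return e.code, dict(e.headers), e.read().decode("utf-8", "replace")


# Constructed stand-ins so the logic can be exercised offline. They are not
# Wirtualna Uczelnia; they only imitate the behaviour the advisory describes.
def fake_unpatched_host(url):
    """A {{ }} engine evaluates the parameter before it is placed in Location."""
    value = parse_qs(urlsplit(url).query).get("redirectUrlParameter", [""])[0]
    m = re.fullmatch(r"\{\{(\d+)\*(\d+)\}\}", value)
    if m:
        value = str(int(m.group(1)) * int(m.group(2)))
    return 302, {"Location": "https://wu.example.invalid/" + quote(value, safe="")}, ""


def fake_patched_host(url):
    """The parameter is echoed untouched into Location."""
    value = parse_qs(urlsplit(url).query).get("redirectUrlParameter", [""])[0]
    return 302, {"Location": "https://wu.example.invalid/" + quote(value, safe="")}, ""


if __name__ == "__main__":
    base = "http://target/wirtualna_uczelnia/redirectToUrl"  # assumed path
    print(probe(base, "redirectUrlParameter", fake_unpatched_host))
    print(probe(base, "redirectUrlParameter", fake_patched_host))
```

Against a real instance, pass live_fetch as the fetch argument. A True for any style is a positive result for that delimiter syntax; all False means only that none of these four styles was evaluated, not that the endpoint is safe.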

Mitigation Strategies

Immediate mitigation steps include:

  • Apply the vendor fix. The advisory lists versions up to and including wu#2016.437.295#0#20260327_105545 as affected but does not name a fixed build, so confirm with the vendor or CERT.PL which build closes the issue rather than assuming any newer version string does.
  • Until patched, block the redirectToUrl endpoint at the reverse proxy or WAF, or at least drop requests whose redirectUrlParameter carries template delimiters ({{, {%, ${, #{, <%) in raw, percent-encoded (%7B%7B, %24%7B) or double-encoded form.
  • Fix the root cause in code: a redirect target must never be rendered as template source. Validate it against an allowlist of schemes, hosts or same-site paths, and where a template is involved pass the value as a context variable instead of concatenating it into the template string.
  • Treat an internet-exposed, unpatched instance as potentially compromised: search access logs for redirectToUrl requests carrying template syntax, and check the host for unexpected outbound connections and child processes of the application server, since the advisory names a reverse shell as a realistic outcome.

Because exploitation needs no credentials, blocking or filtering the parameter at the edge is the priority while the patch is scheduled.
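The defensive side of the steps above: an allowlist validator for the redirect target that rejects template delimiters even when double-encoded, and a log sweep that flags redirectToUrl requests carrying such delimiters. This is an added example, not the vendor's code or a patch; the allowed hosts and the access-log lines are constructed for illustration. The validator is a compensating check: the real fix remains not rendering the parameter as template source at all.

```python
import re
from urllib.parse import unquote, urlsplit

# Hosts this deployment may redirect to (constructed for the example).
ALLOWED_HOSTS = {"wu.example.edu", "sso.example.edu"}

# Opening/closing delimiters of the common template syntaxes.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\{%|\$\{|#\{|<%|%>|\}\}")


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded probes (%257B) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_redirect_target(raw_value, allowed_hosts=ALLOWED_HOSTS):
    """Allowlist check for redirectUrlParameter: True only for an https URL on
    an allowed host or a same-site absolute path. Anything carrying template
    delimiters, backslashes or control characters is rejected outright."""
    value = fully_decode(raw_value)
    if TEMPLATE_SYNTAX.search(value) or "\\" in value or any(c in value for c in "\r\n\x00"):
        return False
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # relative path: a single leading "/", so "//evil" and "///evil" are refused
        return value.startswith("/") and not value.startswith("//")
    return parts.scheme == "https" and parts.hostname in allowed_hosts


# Combined log format: ip ident user [ts] "METHOD path HTTP/x" status size
ACCESS_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_ssti_probes(log_lines):
    """Flag requests to redirectToUrl whose decoded query carries template
    delimiters. Returns (ip, timestamp, decoded_path) tuples."""
    hits = []
    for line in log_lines:
        m = ACCESS_LOG.match(line)
        if not m or "redirectToUrl" not in m["path"]:
            continue
        decoded = fully_decode(m["path"])
        if TEMPLATE_SYNTAX.search(decoded):
            hits.append((m["ip"], m["ts"], decoded))
    return hits


# Constructed sample log lines; not from a real host.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Mar/2026:10:55:45 +0100] "GET /wirtualna_uczelnia/redirectToUrl?redirectUrlParameter=%7B%7B7*7%7D%7D HTTP/1.1" 302 0',
    '10.0.0.5 - - [27/Mar/2026:10:55:46 +0100] "GET /wirtualna_uczelnia/redirectToUrl?redirectUrlParameter=%257B%257B7*7%257D%257D HTTP/1.1" 302 0',
    '10.0.0.9 - - [27/Mar/2026:10:56:01 +0100] "GET /wirtualna_uczelnia/redirectToUrl?redirectUrlParameter=https://wu.example.edu/student HTTP/1.1" 302 0',
    '10.0.0.9 - - [27/Mar/2026:10:56:02 +0100] "GET /wirtualna_uczelnia/login HTTP/1.1" 200 4821',
]

if __name__ == "__main__":
    for candidate in ("https://wu.example.edu/student", "/student", "//evil.example/", "%257B%257B7*7%257D%257D"):
        print(candidate, "->", is_safe_redirect_target(candidate))
    for ip, ts, path in find_ssti_probes(SAMPLE_LOG):
        print("probe from", ip, "at", ts, ":", path)
```

The second sample line is the double-encoded variant; a filter that decodes only once would pass it through to the application, which decodes again before the template engine sees it. That is why both the validator and the log sweep decode until the value stops changing.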
