Browse all 6 CVE security advisories affecting OSC. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OSC is a software platform primarily used for orchestration and automation in enterprise environments. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its six recorded CVEs. The platform's complex architecture and extensive integration capabilities have contributed to these security challenges. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks in default configurations or outdated deployments. Organizations implementing OSC should prioritize regular updates and strict access controls to mitigate these known weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26002 | OnDemand susceptible to malicious input when navigating to a directory. — ondemandCWE-74 | 8.0AI | HighAI | 2026-03-04 |
| CVE-2025-66029 | Open OnDemand affected by Apache proxy passing sensitive headers — ondemandCWE-522 | 7.6 | High | 2025-12-17 |
| CVE-2025-64185 | Open OnDemand RPM packages create world writable locations — ondemandCWE-277 | - | - | 2025-11-20 |
| CVE-2025-62724 | Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU) — ondemandCWE-61 | 4.3 | Medium | 2025-11-20 |
| CVE-2025-58435 | Open OnDemand didn't rotate password for VNC batch_connect — ondemandCWE-262 | 8.1AI | HighAI | 2025-09-09 |
| CVE-2025-53636 | Open OnDemand Shell App closed websocket DoS — ondemandCWE-400 | 5.4 | Medium | 2025-07-11 |
This page lists every published CVE security advisory associated with OSC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.