SA-2026-019 - Hibernate Validator EL Interpolation... - Extreme Networks

Summary

Hibernate Validator, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages.

Products Potentially Affected

OS/Product	Exposure
ExtremeCloud IQ - Site Engine (XIQ-SE)	Yes

Repair Recommendations

ExtremeCloud IQ - Site Engine (XIQ-SE):

Fixed in 26.02.10.41 or later.

Please see the full security advisory article here for more details and future updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2026-019 - Hibernate Validator EL Interpolation Code Injection (CVE-2025-35036)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)