Vulnerability Details CVE-2025-26796
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie.
This issue affects Apache Oozie: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.5%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2025-26796
-
cpe:2.3:a:apache:oozie:3.1.2
-
cpe:2.3:a:apache:oozie:3.1.3
-
cpe:2.3:a:apache:oozie:3.2.0
-
cpe:2.3:a:apache:oozie:3.3.0
-
cpe:2.3:a:apache:oozie:3.3.1
-
cpe:2.3:a:apache:oozie:3.3.2
-
cpe:2.3:a:apache:oozie:4.0.0
-
cpe:2.3:a:apache:oozie:4.0.1
-
cpe:2.3:a:apache:oozie:4.1.0
-
cpe:2.3:a:apache:oozie:4.2.0
-
cpe:2.3:a:apache:oozie:4.3.0
-
cpe:2.3:a:apache:oozie:4.3.1
-
cpe:2.3:a:apache:oozie:5.0.0
-
cpe:2.3:a:apache:oozie:5.1.0
-
cpe:2.3:a:apache:oozie:5.2.0
-
cpe:2.3:a:apache:oozie:5.2.1