Hi all, quick vulnerability question.
Our vulnerability software has flagged up Rundeck v5.20 with CVE-2026-22732 because of the component spring-security-web-5.8.15.jarΒ
I could not find anything about this CVE in this forum or Rundeck web page.
How can we find out if thereβs a fix for this coming up soon?
Is there a place to report this?
Thanks!
Really appreciate it β
Does PagerDuty have an SLA for remediating critical CVEs?
Our Security department is pretty strict, and itβs mandatory for us to remediate CVEs on our live systems.
Β
Thanks again, Carlos
Hi Carlos, sorry for the delayed response. That fix should be available in Rundeck 6.0 (the next major release). The component has been updated to the fixed version (see gradle.properties), addressing the vulnerability detailed in CVE-2026-22732.
Right now, we don't have a specific ETA for Rundeck 6.0, but it is very close to being released. You can track its progress on the GitHub milestone page here: https://github.com/rundeck/rundeck/milestone/248.
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
