CVE-2022-24816CISA KEVEPSS p99.9%

CVE-2022-24816OSGeo GeoServer JAI-EXT Code Injection Vulnerability

OSGeo / JAI-EXT

Description

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.

Scoring

EPSS98.68% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2024-06-26

(incoming)1

TypeTargetConfidenceTier
KEVEntryOSGeo GeoServer JAI-EXT Code Injection Vulnerabilitykev-cve-2022-248160%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
OSGeo GeoServer GeoTools Eval Injection Vulnerability
CVE
CVE-2026-30479
CVE
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
CVE
CVE-2025-45854
CVE
CVE-2025-48169
CVE
CVE-2025-10492
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.