Xiandafu Beetl
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Xiandafu Beetl.
By the Year
In 2026 there have been 1 vulnerability in Xiandafu Beetl with an average score of 7.3 out of ten. Beetl did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.30 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 9.80 |
It may take a day or so for new Beetl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xiandafu Beetl Security Vulnerabilities
Remote RCE via SpELFunction in xiandafu Beetl 3.20.2 (Java)
CVE-2026-8759
7.3 - High
- May 17, 2026
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of special elements used in an expression language statement. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
EL Injection
Beetl 3.x SSTI via Unfiltered SecMgr Code Exec
CVE-2024-22533
9.8 - Critical
- February 02, 2024
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Xiandafu Beetl or by Xiandafu? Click the Watch button to subscribe.
