vulnerability

Apache Struts: S2-069 (CVE-2025-68493): Security updates available for Apache Struts

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:N/A:C)	Jan 12, 2026	Jan 12, 2026	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:N/A:C)

Published

Jan 12, 2026

Added

Jan 12, 2026

Modified

Mar 27, 2026

Description

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Solution

apache-struts-upgrade-6_1_1

References

CVE-2025-68493
https://attackerkb.com/topics/CVE-2025-68493
CWE-611
EUVD-EUVD-2026-1898
https://cwiki.apache.org/confluence/display/WW/S2-069
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-1898

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today