CVE-2025-26074: Conductor vulnerable to OS command injection through unrestricted access to Java classes

Severity: Critical

CVSS Score: 9.8

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.