A vulnerability classified as critical was found in Eclipse Glassfish up to 7.0.x/8.0.0 . This vulnerability affects unknown code of the component Gadget Handler . The manipulation results in improper neutralization of special elements used in an expression language statement. This vulnerability is identified as CVE-2026-2587 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.