A vulnerability was found in Apache Syncope up to 3.0.16/4.0.5/4.1.0 . It has been declared as problematic . This affects an unknown part of the component JEXL Handler . The manipulation results in exposure of sensitive information through data queries. This vulnerability is reported as CVE-2026-42797 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.