A vulnerability was found in Apache Syncope up to 3.0.16/4.0.5/4.1.0 . It has been classified as problematic . Affected by this issue is some unknown functionality of the component Groovy Code Handler . The manipulation leads to improper isolation or compartmentalization. This vulnerability is documented as CVE-2026-42782 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.