A vulnerability, which was classified as problematic , was found in Payara Server up to 7.2026.5 . The impacted element is an unknown function of the component Admin GUI . Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-12986 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.