GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution (RCE).
Advisories for Maven/Org.geoserver.extension/Gs-Db2 package
2026