A serious vulnerability has been found in Apache Struts on which VOMS-Admin is dependent. The exploit of this vulnerability could cause remote code execution. Apache Struts version 2.5.26 fixes this issue.

Sites running VOMS-Admin should upgrade to voms-admin-server 3.8.1 which uses the fixed version of Apache Struts.

More information can be found in the SVG Advisory.