An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.