CVE-2026-24656
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-01-27

Assigner: Apache Software Foundation

Description
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes port 4560 without authentication. Even when the collector's allowed-classes property is configured, that restriction can be bypassed. The log socket collector is therefore vulnerable to deserialization of untrusted data, which can result in denial of service (DoS). NB: the Decanter log socket collector is not installed by default; users who have not installed it are not impacted by this issue. This issue affects Apache Karaf Decanter before 2.12.0. Users are recommended to upgrade to version 2.12.0, which fixes the issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: apache
Product: karaf_decanter
Version / Range: up to 2.12.0 (excluding)
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a deserialization of untrusted data issue in the Apache Karaf Decanter log socket collector. The collector exposes port 4560 without any authentication, allowing attackers to send malicious serialized data. Although there is a configuration property to restrict allowed classes, this can be bypassed. As a result, the component is vulnerable to deserialization attacks that can cause denial of service (DoS). The Decanter log socket collector is not installed by default, so only users who have installed it are affected. The issue is fixed in version 2.12.0. [1]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to cause a denial of service (DoS) on the affected system. Since the log socket collector listens on port 4560 without authentication, an attacker can send crafted serialized data to exploit the deserialization flaw, potentially disrupting the service or causing it to crash. Users who have not installed the Decanter log socket collector are not impacted. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if the Apache Karaf Decanter log socket collector is installed and if port 4560 is open and exposed without authentication. A simple network scan command such as 'netstat -an | grep 4560' or 'ss -tuln | grep 4560' on the system can help identify if the port is listening. Additionally, using network scanning tools like 'nmap -p 4560 <target-ip>' can verify if the port is open on the network. If the log socket collector is not installed, the system is not affected. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Apache Karaf Decanter to version 2.12.0 or later, where this vulnerability is fixed. If upgrading is not immediately possible, ensure that the log socket collector is not installed or disable it if it is installed. Additionally, restrict access to port 4560 by firewall rules to prevent unauthorized access to the log socket collector. [1]
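The detection and mitigation answers above amount to two checks an administrator can script: is anything listening on TCP port 4560, and is the installed Decanter version below the 2.12.0 fix boundary? The following POSIX sh helper is an added example, not code from BaseFortify or the Apache Karaf project. It assumes Linux-style `ss -tln` or `netstat -an` output; the socket listings embedded in it are constructed samples, and the Decanter version is supplied by the operator (for instance from Karaf's feature list) because the script does not query Karaf itself.

```shell
#!/bin/sh
# Added example (not BaseFortify's or Apache Karaf's own code): helpers for the
# two checks the Q&A describes, a listener on TCP port 4560 and a Decanter
# version before the 2.12.0 fix. Assumes Linux-style `ss -tln` / `netstat -an`
# output; the socket listings below are constructed samples.

# Returns 0 when the supplied socket listing contains a TCP listener on port
# 4560. ":4560" must be followed by whitespace or end of line so that ports
# such as 14560 or 45600 are not mistaken for it. Handles both the `ss` layout
# (LISTEN first on the row) and the `netstat` layout (LISTEN last on the row).
listening_on_4560() {
    printf '%s\n' "$1" |
        grep -Eq '(LISTEN.*:4560([[:space:]]|$)|:4560[[:space:]].*LISTEN)'
}

# Returns 0 when the given Decanter version (e.g. "2.11.0") is before 2.12.0,
# i.e. inside the affected range "up to 2.12.0 (excluding)"; returns 1 when it
# is at or after the fix, and 2 when the string cannot be parsed.
decanter_version_affected() {
    v="$1"
    maj="${v%%.*}"
    rest="${v#*.}"
    min="${rest%%.*}"
    # Drop any non-digit suffix such as "-SNAPSHOT" from the components.
    maj="${maj%%[!0-9]*}"
    min="${min%%[!0-9]*}"
    [ -n "$maj" ] && [ -n "$min" ] || return 2
    [ "$maj" -lt 2 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -lt 12 ] && return 0
    return 1
}

# Constructed sample of `ss -tuln` output on a host where the collector is up.
SAMPLE_SS_COLLECTOR='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128        0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50               *:4560             *:*'

# Constructed sample of a host with nothing on 4560 (14560 must not match).
SAMPLE_SS_CLEAN='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128        0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50         0.0.0.0:14560      0.0.0.0:*'

# Constructed sample of `netstat -an` output with the collector listening.
SAMPLE_NETSTAT_COLLECTOR='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:4560            0.0.0.0:*               LISTEN'

# Live check against the local host. Returns 0 when port 4560 is listening
# (the collector is probably installed and reachable and should be firewalled
# or removed until the upgrade), 1 otherwise. The version argument is optional.
check_host() {
    version="$1"
    if command -v ss >/dev/null 2>&1; then
        listing=$(ss -tln 2>/dev/null)
    else
        listing=$(netstat -an 2>/dev/null)
    fi
    if listening_on_4560 "$listing"; then
        echo "port 4560 is listening: Decanter log socket collector may be exposed"
        port_rc=0
    else
        echo "port 4560 is not listening"
        port_rc=1
    fi
    if [ -n "$version" ]; then
        if decanter_version_affected "$version"; then
            echo "Decanter $version is before 2.12.0: upgrade to 2.12.0 or later"
        else
            echo "Decanter $version is at or after the 2.12.0 fix"
        fi
    fi
    return "$port_rc"
}

# Run the live check only when invoked as `sh check.sh --live [version]`, so
# that sourcing the file for its functions has no side effects.
if [ "${1:-}" = "--live" ]; then
    check_host "${2:-}"
fi
```

A listener on 4560 is a strong hint rather than proof, since any service could use that port; the version check is the authoritative one. Both checks are local, so they complement rather than replace the network-side `nmap -p 4560` view the Q&A mentions.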

