CVE-2026-6009
Awaiting Analysis
Java Deserialization RCE in Jaspersoft Reports

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: Jaspersoft

Description
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system.
Meta Information
Published: 2026-05-19
Last Modified: 2026-05-19
Generated: 2026-06-10
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-08
Affected Vendors & Products
Showing 2 associated CPEs
Vendor      Product                     Version / Range
jaspersoft  reports_library             *
jaspersoft  jaspersoft_reports_library  *
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

This is a Java deserialization vulnerability in the Jaspersoft Reports Library. It allows Remote Code Execution (RCE): an attacker can execute arbitrary code on the affected system remotely.

Impact Analysis

The impact of this vulnerability is severe because it enables remote attackers to execute arbitrary code on the affected system. This can lead to unauthorized control over the system, data breaches, disruption of services, or further exploitation within the network.
