CVE-2026-6009
Awaiting Analysis - Queue

Java Deserialization RCE in Jaspersoft Reports


Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: Jaspersoft

Description

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system.


Meta Information

Published: 2026-05-19
Last Modified: 2026-05-19
Generated: 2026-06-30
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 2 associated CPEs
Vendor      Product                      Version / Range
jaspersoft  reports_library              *
jaspersoft  jaspersoft_reports_library   *


Exploitability

CWE ID    Description
CWE-502   The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Executive Summary

CVE-2026-6009 is a Java deserialization vulnerability in the Jaspersoft Reports Library. It allows an attacker to perform Remote Code Execution (RCE), meaning the attacker can execute arbitrary code on the affected system remotely.

Impact Analysis

The impact of this vulnerability is severe because it enables remote attackers to execute arbitrary code on the affected system. This can lead to unauthorized control over the system, data breaches, disruption of services, or further exploitation within the network.
