CVE-2026-6009
Awaiting Analysis
Awaiting Analysis - Queue
Java Deserialization RCE in Jaspersoft Reports
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Jaspersoft
Description
A Java deserialisation vulnerability in the Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jaspersoft | reports_library | * |
| jaspersoft | jaspersoft_reports_library | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Java Deserialization Vulnerability found in the Jaspersoft Reports Library. It allows an attacker to perform Remote Code Execution (RCE), meaning the attacker can execute arbitrary code on the affected system remotely.
How can this vulnerability impact me?
The impact of this vulnerability is severe because it enables remote attackers to execute arbitrary code on the affected system. This can lead to unauthorized control over the system, data breaches, disruption of services, or further exploitation within the network.