CVE-2026-46718
Analyzed Analyzed - Analysis Complete
Unsafe Reflection in Apache Calcite

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: Apache Software Foundation

Description
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-46718
EUVD
EUVD-2026-33906
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache calcite From 1.5.0 (inc) to 1.42.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-470 The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Apache Calcite to version 1.42 or later, as this version contains the fix for the unsafe reflection issue.

Executive Summary

CVE-2026-46718 is a vulnerability in Apache Calcite caused by unsafe reflection, where externally-controlled input is used to select classes or code. This means that a user-controlled model can load arbitrary classes, which can lead to unintended behavior or security risks.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code by loading arbitrary classes through unsafe reflection. This can lead to potential compromise of the system running Apache Calcite, including unauthorized actions or data breaches.

Compliance Impact

The provided information does not specify how the CVE-2026-46718 vulnerability in Apache Calcite impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46718. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart