CVE-2026-46718
Unsafe Reflection in Apache Calcite
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | calcite | From 1.5.0 (inc) to 1.42 (exc) |
| apache | calcite | 1.42 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-470 | The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Apache Calcite to version 1.42 or later, as this version contains the fix for the unsafe reflection issue.
Can you explain this vulnerability to me?
CVE-2026-46718 is a vulnerability in Apache Calcite caused by unsafe reflection, where externally-controlled input is used to select classes or code. This means that a user-controlled model can load arbitrary classes, which can lead to unintended behavior or security risks.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code by loading arbitrary classes through unsafe reflection. This can lead to potential compromise of the system running Apache Calcite, including unauthorized actions or data breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-46718 vulnerability in Apache Calcite impacts compliance with common standards and regulations such as GDPR or HIPAA.