CVE-2026-10532

🗓️ 01 Jun 2026 11:30:47Reported by NCSC.chType

CVE-2026-10532 bypasses HardenedObjectInputStream in Logback via Proxy objects from serialized data.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-10532	1 Jun 202611:30	–	attackerkb
CNNVD	logback 安全漏洞	1 Jun 202600:00	–	cnnvd
Cvelist	CVE-2026-10532 Logback deserialization whitelist bypass for Proxy objects	1 Jun 202611:30	–	cvelist
Debian CVE	CVE-2026-10532	1 Jun 202611:30	–	debiancve
EUVD	EUVD-2026-33632	1 Jun 202611:30	–	euvd
NVD	CVE-2026-10532	1 Jun 202613:16	–	nvd
OPENSUSE Linux	logback-1.5.34-1.1 on GA media (moderate)	12 Jun 202600:00	–	opensuse
OSV	DEBIAN-CVE-2026-10532	1 Jun 202613:16	–	osv
OSV	OPENSUSE-SU-2026:10999-1 logback-1.5.34-1.1 on GA media	11 Jun 202600:00	–	osv
OSV	UBUNTU-CVE-2026-10532	1 Jun 202613:16	–	osv

[
  {
    "vendor": "QOS.CH Sarl",
    "product": "logback",
    "packageName": "logback-core",
    "repo": "https://github.com/qos-ch/logback",
    "modules": [
      "HardenedObjectInputStream (logback-core)"
    ],
    "programFiles": [
      "HardenedObjectInputStream.java"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "1.5.33",
        "versionType": "maven"
      },
      {
        "status": "unaffected",
        "version": "1.5.34"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
logback	www.logback.qos.ch/news.html

17 Jun 2026 10:12Current

6.4Medium risk

Vulners AI Score6.4

CVSS 46.3

EPSS0.00342

SSVC

CWE-502