K000161244: Apache MINA vulnerabilities CVE-2026-42778 and CVE-2026-42779

🗓️ 13 May 2026 06:23:01Reported by f5Type

f5🔗 my.f5.com👁 11 Views

Apache Mina fixes deserialization and class resolution bypass; upgrade to 2.1.12 or 2.2.7.

Reporter	Title	Published	Views	Family All 163
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)	27 Mar 202516:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM webMethods BPM is vulnerable to Deserialization of Untrusted Data	17 Jun 202609:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in org.apache.mina_mina-core affects IBM Db2 Data Management Console(CVE-2024-52046)	23 Jul 202520:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for April 2025 - Multiple CVEs addressed	7 May 202520:48	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of mina-core IBM My webMethods Server is vulnerable to Insecure Java Deserilization	23 Jun 202511:51	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution	15 Apr 202504:00	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in XStream and Apache MINA might affect IBM Storage Defender Copy Data Management.	16 May 202519:22	–	ibm
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Mina	2 May 202608:26	–	githubexploit
ATTACKERKB	CVE-2026-42778	1 May 202610:01	–	attackerkb

13 May 2026 06:23Current

7.3High risk

Vulners AI Score7.3

CVSS 3.19.8

CVSS 410

EPSS0.23932

SSVC

apache mina deserialization allowlist class resolution vulnerability fix upgrade recommended