Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix)

🗓️ 27 Apr 2026 12:30:38Reported by GitHub Advisory DatabaseType

Apache MINA deserialization flaw CVE-2024-52046; fix incomplete; upgrade to 2.0.28, 2.1.11, or 2.2.6.

Reporter	Title	Published	Views	Family All 101
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)	27 Mar 202516:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in org.apache.mina_mina-core affects IBM Db2 Data Management Console(CVE-2024-52046)	23 Jul 202520:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for April 2025 - Multiple CVEs addressed	7 May 202520:48	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of mina-core IBM My webMethods Server is vulnerable to Insecure Java Deserilization	23 Jun 202511:51	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution	15 Apr 202504:00	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in XStream and Apache MINA might affect IBM Storage Defender Copy Data Management.	16 May 202519:22	–	ibm
ATTACKERKB	CVE-2026-42778	1 May 202610:01	–	attackerkb
ATTACKERKB	CVE-2026-41409	27 Apr 202609:20	–	attackerkb
Chainguard	CVE-2024-52046 vulnerabilities	25 Dec 202410:15	–	cgr

Vulners

Node

org.apache.mina mina-coreRange2.1.0–2.1.11maven

org.apache.mina mina-coreRange2.0.0–2.0.28maven

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-41409
lists	www.lists.apache.org/thread/9ddvsq6c4l5bhwq8l14sob4f8qjvx5c9
github	www.github.com/advisories/GHSA-76h9-2vwh-w278
github	www.github.com/advisories/GHSA-f2wh-grmh-r6jm

05 May 2026 21:38Current

7.3High risk

Vulners AI Score7.3

CVSS 3.19.8

CVSS 410

EPSS0.55384

SSVC