6 matches found
CVE-2025-26866
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
Apache HugeGraph-Server: RAFT and deserialization vulnerability
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
GHSA-Q37J-3367-FWV7 Apache HugeGraph-Server: RAFT and deserialization vulnerability
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
CVE-2025-26866
CVE-2025-26866 affects Apache HugeGraph-Server (HugeGraph-Server PD store) via insecure Hessian deserialization and RAFT-related manipulation, enabling remote code execution. Multiple sources describe a server-side deserialization vulnerability stemming from Hessian deserialization, with the miti...
EUVD-2025-203068
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...
PT-2025-50223
Name of the Vulnerable Software and Affected Versions Apache HugeGraph-Server versions prior to 1.7.0 Description A remote code execution issue exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict...