2 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4,...
CVE-2026-54512 jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...