Lucene search
K

5 matches found

NVD
NVD
added 2026/06/04 5:16 p.m.16 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1CVSS0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 4:9 p.m.40 views

CVE-2026-50076 Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

0.0052EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 4:9 p.m.44 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

9.1CVSS5.8AI score0.0052EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Apache Fory 安全漏洞

Apache Fory is a serialization framework developed by the Apache Foundation in the United States. Versions of Apache Fory prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the deserialization of untrusted data in the Java replace-resolve path, which could allow...

9.1CVSS5.6AI score0.0052EPSS
Exploits0References2
Rows per page
Query Builder