Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/12/13 9:41 a.m.5 views

CVE-2025-26866

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS8.7AI score0.00805EPSS
Exploits0References1
osv
osv
added 2025/12/12 12:30 p.m.5 views

GHSA-Q37J-3367-FWV7 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

9.3CVSS8.6AI score0.00805EPSS
Exploits0References5
github
github
added 2025/12/12 12:30 p.m.10 views

Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS8.7AI score0.00805EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2025/12/12 9:23 a.m.5 views

EUVD-2025-203068

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS8.1AI score0.00805EPSS
Exploits0References4
cve
cve
added 2025/12/12 9:23 a.m.24 views

CVE-2025-26866

CVE-2025-26866 affects Apache HugeGraph-Server (HugeGraph-Server PD store) via insecure Hessian deserialization and RAFT-related manipulation, enabling remote code execution. Multiple sources describe a server-side deserialization vulnerability stemming from Hessian deserialization, with the miti...

8.8CVSS8.3AI score0.00805EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2025/12/09 12:0 a.m.10 views

PT-2025-50223

Name of the Vulnerable Software and Affected Versions Apache HugeGraph-Server versions prior to 1.7.0 Description A remote code execution issue exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict...

8.8CVSS8.2AI score0.00805EPSS
Exploits0References10
Rows per page
Query Builder