CVE-2026-55153 mchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...