{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-47065", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-05-18T16:53:39.555Z", "datePublished": "2026-06-03T09:39:41.629Z", "dateUpdated": "2026-06-03T09:39:41.629Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2/org/apache/mina", "defaultStatus": "unaffected", "packageName": "org.apache.mina:mina-core", "product": "Apache MINA", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.2.8", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.13", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThan": "2.0.29", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Venkatraman Kumar, SecureIn"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy</p>\n<p>Assessment: Fully addressed.</p>\n<p>When the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\n classes list .</p>\n<p>ZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes</p>\n<p>Assessment: Fully addressed.</p>\n<p>For ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(\u201ccom.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes &lt;clinit&gt; of SomeClass \u00e2\u20ac\u201d and many \nreal-world classes have side-effecting static initialisers</p>\n<p>Both issues have been fixed.</p><br>"}], "value": "ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\n\n\nAssessment: Fully addressed.\n\n\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\n classes list .\n\n\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\n\n\nAssessment: Fully addressed.\n\n\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(\u201ccom.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes <clinit> of SomeClass \u00e2\u20ac\u201d and many \nreal-world classes have side-effecting static initialisers\n\n\nBoth issues have been fixed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-06-03T09:39:41.629Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\n\n\nAssessment: Fully addressed.\n\n\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\n classes list .\n\n\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\n\n\nAssessment: Fully addressed.\n\n\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(\u201ccom.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes <clinit> of SomeClass \u00e2\u20ac\u201d and many \nreal-world classes have side-effecting static initialisers\n\n\nBoth issues have been fixed."}], "id": "CVE-2026-47065", "lastModified": "2026-06-03T11:16:19.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2026-06-03T11:16:19.800", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@apache.org", "type": "Primary"}]}

{}

{"created": "2026-06-03T12:30:26.157910+00:00", "updated": "2026-06-03T12:30:26.157922+00:00", "vendors": []}