{"uuid": "ea023d80-d15e-4eeb-8580-d8d61ec6e8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54513", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moyfja6qza2l", "content": "The safety check you added to keep Java's JSON parser safe has a hole.\n\nJackson's allowlist never checks array contents, so a banned class hidden in an array gets built. (CVE-2026-54513)\n\nFix: jackson-databind 2.18.8 / 2.21.4 / 3.1.4.", "creation_timestamp": "2026-06-23T21:59:11.504088Z"}