CVE-2026-47065 (GCVE-0-2026-47065)

Vulnerability from cvelistv5 – Published: 2026-06-03 09:39 – Updated: 2026-06-03 22:28
VLAI
Title
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232
Summary
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the marker for a java.lang.reflect.Proxy ), JDK’s ObjectInputStream.readProxyDesc() is dispatched. JDK then calls the default ObjectInputStream.resolveProxyClass(interfaces) implementation, which performs Class.forName(intf, false, latestUserDefinedLoader()) for EACH interface name and constructs the proxy class — bypassing the accepted classes list . ZDRES-233: Class.forName(name, initialize=true, classLoader) in readClassDescriptor Triggers Static Initialiser of Allow-Listed Classes Assessment: Fully addressed. For ANY class on the allow-list, deserialising a stream that names it triggers the class’s (static initialiser) BEFORE any instance is constructed. This means an attacker who supplies a class name on the allow-list (e.g., the developer wrote accept(“com.myapp.*") , attacker supplies com.myapp.SomeClass ) causes <clinit> of SomeClass — and many real-world classes have side-effecting static initialisers Both issues have been fixed.
Severity
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache MINA Affected: 2.2.0 , < 2.2.8 (semver)
Affected: 2.1.0 , < 2.1.13 (semver)
Affected: 2.0.0 , < 2.0.29 (semver)
Create a notification for this product.
Credits
Venkatraman Kumar, SecureIn keda (GitHub: @yuui25)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T12:46:45.451617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T12:46:58.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/org/apache/mina",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.mina:mina-core",
          "product": "Apache MINA",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.2.8",
              "status": "affected",
              "version": "2.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.1.13",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.0.29",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Venkatraman Kumar, SecureIn"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "keda (GitHub: @yuui25)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\u003c/p\u003e\n\u003cp\u003eAssessment: Fully addressed.\u003c/p\u003e\n\u003cp\u003eWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\n classes list .\u003c/p\u003e\n\u003cp\u003eZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\u003c/p\u003e\n\u003cp\u003eAssessment: Fully addressed.\u003c/p\u003e\n\u003cp\u003eFor ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(\u201ccom.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes \u0026lt;clinit\u0026gt; of SomeClass \u00e2\u20ac\u201d and many \nreal-world classes have side-effecting static initialisers\u003c/p\u003e\n\u003cp\u003eBoth issues have been fixed.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\n\n\nAssessment: Fully addressed.\n\n\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\n classes list .\n\n\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\n\n\nAssessment: Fully addressed.\n\n\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(\u201ccom.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes \u003cclinit\u003e of SomeClass \u00e2\u20ac\u201d and many \nreal-world classes have side-effecting static initialisers\n\n\nBoth issues have been fixed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T22:28:41.093Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-47065",
    "datePublished": "2026-06-03T09:39:41.629Z",
    "dateReserved": "2026-05-18T16:53:39.555Z",
    "dateUpdated": "2026-06-03T22:28:41.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-47065",
      "date": "2026-06-03",
      "epss": "0.00046",
      "percentile": "0.14545"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-47065\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-06-03T11:16:19.800\",\"lastModified\":\"2026-06-03T11:16:19.800\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\\n\\n\\nAssessment: Fully addressed.\\n\\n\\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \\nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\\n is\\ndispatched. JDK then calls the default \\nObjectInputStream.resolveProxyClass(interfaces) implementation, which \\nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \\ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\\n classes list .\\n\\n\\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \\nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\\n\\n\\nAssessment: Fully addressed.\\n\\n\\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \\n (static initialiser) BEFORE any instance is constructed. This means an \\nattacker who supplies a class name on the allow-list (e.g., the \\ndeveloper wrote accept(\u201ccom.myapp.*\\\") , attacker supplies \\ncom.myapp.SomeClass ) causes \u003cclinit\u003e of SomeClass \u00e2\u20ac\u201d and many \\nreal-world classes have side-effecting static initialisers\\n\\n\\nBoth issues have been fixed.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj\",\"source\":\"security@apache.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-47065\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-03T12:46:45.451617Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-03T12:46:52.056Z\"}}], \"cna\": {\"title\": \"Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Venkatraman Kumar, SecureIn\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"keda (GitHub: @yuui25)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache MINA\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.2.0\", \"lessThan\": \"2.2.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.1.0\", \"lessThan\": \"2.1.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.0.29\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.mina:mina-core\", \"collectionURL\": \"https://repo.maven.apache.org/maven2/org/apache/mina\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\\n\\n\\nAssessment: Fully addressed.\\n\\n\\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \\nfor a java.lang.reflect.Proxy ), JDK\\u2019s ObjectInputStream.readProxyDesc()\\n is\\ndispatched. JDK then calls the default \\nObjectInputStream.resolveProxyClass(interfaces) implementation, which \\nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \\ninterface name and constructs the proxy class \\u00e2\\u20ac\\u201d bypassing the accepted\\n classes list .\\n\\n\\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \\nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\\n\\n\\nAssessment: Fully addressed.\\n\\n\\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class\\u2019s \\n (static initialiser) BEFORE any instance is constructed. This means an \\nattacker who supplies a class name on the allow-list (e.g., the \\ndeveloper wrote accept(\\u201ccom.myapp.*\\\") , attacker supplies \\ncom.myapp.SomeClass ) causes \u003cclinit\u003e of SomeClass \\u00e2\\u20ac\\u201d and many \\nreal-world classes have side-effecting static initialisers\\n\\n\\nBoth issues have been fixed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\u003c/p\u003e\\n\u003cp\u003eAssessment: Fully addressed.\u003c/p\u003e\\n\u003cp\u003eWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \\nfor a java.lang.reflect.Proxy ), JDK\\u2019s ObjectInputStream.readProxyDesc()\\n is\\ndispatched. JDK then calls the default \\nObjectInputStream.resolveProxyClass(interfaces) implementation, which \\nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \\ninterface name and constructs the proxy class \\u00e2\\u20ac\\u201d bypassing the accepted\\n classes list .\u003c/p\u003e\\n\u003cp\u003eZDRES-233: Class.forName(name, initialize=true, classLoader) in \\nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\u003c/p\u003e\\n\u003cp\u003eAssessment: Fully addressed.\u003c/p\u003e\\n\u003cp\u003eFor ANY class on the allow-list, deserialising a stream that names it triggers the class\\u2019s \\n (static initialiser) BEFORE any instance is constructed. This means an \\nattacker who supplies a class name on the allow-list (e.g., the \\ndeveloper wrote accept(\\u201ccom.myapp.*\\\") , attacker supplies \\ncom.myapp.SomeClass ) causes \u0026lt;clinit\u0026gt; of SomeClass \\u00e2\\u20ac\\u201d and many \\nreal-world classes have side-effecting static initialisers\u003c/p\u003e\\n\u003cp\u003eBoth issues have been fixed.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-06-03T22:28:41.093Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-47065\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-03T22:28:41.093Z\", \"dateReserved\": \"2026-05-18T16:53:39.555Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-06-03T09:39:41.629Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.