CVE-2026-6009 | THREATINT

Description

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

PUBLISHED Reserved 2026-04-09 | Published 2026-05-19 | Updated 2026-05-20 | Assigner Jaspersoft

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-502 Deserialization of untrusted data

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

References

community.jaspersoft.com/...rsoft-library-cve-2026-6009-r11/

cve.org (CVE-2026-6009)

nvd.nist.gov (CVE-2026-6009)

Download JSON