CVE-2026-6009
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jaspersoft | JasperReports Library Community Edition | 0 <= 7.0.6 | affected |
| Jaspersoft | Jaspersoft Studio Community Edition | 0 <= 7.0.6 | affected |
| Jaspersoft | JasperReports Server | 0 <= 10.0.0 | affected |
| Jaspersoft | JasperReports Library Professional | 0 <= 10.0.0 | affected |
| Jaspersoft | Jaspersoft Studio Professional | 0 <= 10.0.0 | affected |
| Jaspersoft | JasperReports IO Professional | 0 <= 10.0.0 | affected |
| Jaspersoft | JasperReports IO At-Scale | 0 <= 10.0.0 | affected |
| Jaspersoft | JasperReports Web Studio | 0 <= 10.0.1 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of untrusted data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.