CVE-2026-6009

Summary

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

Affected Software

VendorProductVersion RangeStatus
JaspersoftJasperReports Library Community Edition0 <= 7.0.6affected
JaspersoftJaspersoft Studio Community Edition0 <= 7.0.6affected
JaspersoftJasperReports Server0 <= 10.0.0affected
JaspersoftJasperReports Library Professional0 <= 10.0.0affected
JaspersoftJaspersoft Studio Professional0 <= 10.0.0affected
JaspersoftJasperReports IO Professional0 <= 10.0.0affected
JaspersoftJasperReports IO At-Scale0 <= 10.0.0affected
JaspersoftJasperReports Web Studio0 <= 10.0.1affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of untrusted data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References