Deserialization in Hyperledger Fabric
CVE-2026-41586
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call…
Vulnerability class: Insecure Deserialization
EPSS: 0.000 (4.4th percentile)
Affected products
- Hyperledger Fabric — versions >= 1.0.0, <= 2.2.26
Weakness classification (CWE)
References
- https://github.com/hyperledger/fabric/security/advisories/GHSA-prf8-cf2x-rhx7 (x_refsource_CONFIRM)
- https://hyperledger.github.io/fabric-gateway (x_refsource_MISC)