What is CVE-2026-6009?

CVE-2026-6009 is a vulnerability in Jaspersoft Jasperreports Io At-scale, classified under Deserialization of Untrusted Data. Published 2026-05-19.

Is CVE-2026-6009 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Jaspersoft Jasperreports Io At-scale

CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

Vulnerability class: Insecure Deserialization

EPSS: 0.004 (63.7th percentile) — read the EPSS interpretation.

Affected products

Jaspersoft Jasperreports Io At-scale — versions 0
Jaspersoft Jasperreports Io Professional — versions 0
Jaspersoft Jasperreports Library Community Edition — versions 0
Jaspersoft Jasperreports Library Professional — versions 0
Jaspersoft Jasperreports Server — versions 0
Jaspersoft Jasperreports Web Studio — versions 0
Jaspersoft Studio Community Edition — versions 0
Jaspersoft Studio Professional — versions 0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

Pumila03/CVE-2026-6009

References

db6d2600-d19b-4111-a010-f3c4ed70cd50

Frequently asked questions

What is CVE-2026-6009?: CVE-2026-6009 is a vulnerability in Jaspersoft Jasperreports Io At-scale, classified under Deserialization of Untrusted Data. Published 2026-05-19.
Is CVE-2026-6009 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.