Apache Mina
4 CVEs affecting Apache Mina. Latest disclosed: 2026-05-01. Critical: 4, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42779 | Critical | 9.8 | 2026-05-01 | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer… |
CVE-2026-42778 | Critical | 9.8 | 2026-05-01 | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache M… |
CVE-2026-41409 | Critical | 9.8 | 2026-04-27 | The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applie… |
CVE-2026-41635 | Critical | 9.8 | 2026-04-27 | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypas… |