Java CVE-2026-24807

Q: What is the CVSS score of CVE-2026-24807?

CVE-2026-24807 has a CVSS 4.0 base score of 5.3 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber. EPSS exploitation probability: 0.0%.

MEDIUM

Improper Verification of Cryptographic Signature (CWE-347)

2026-01-27 cve_disclosure@tech.gov.sg

GHSA-23f4-hfmq-94mj

Apache Java Information Disclosure Jwt Attack

5.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

CVSS changed

May 06, 2026 - 17:22 NVD

5.3 (MEDIUM)

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Jan 27, 2026 - 09:15 nvd

N/A

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 maven packages depend on com.github.liuyueyi.media:batik-codec-fix (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.0.0.

DescriptionNVD

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.

This issue affects quick-media: before v1.0.

AnalysisAI

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory