Java CVE-2026-6009

Q: What is the CVSS score of CVE-2026-6009?

CVE-2026-6009 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.4%.

EUVD-2026-30962 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-05-19 Jaspersoft

GHSA-9wxq-mwqw-8hhg

RCE Java Deserialization

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVE Published

May 19, 2026 - 17:23 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

Analysis

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6009 vulnerability details – vuln.today

Back

Java CVE-2026-6009

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Analysis

Full analysis requires sign-in

Share

Java CVE-2026-6009

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

Share

External POC / Exploit Code