Skip to main content

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

56 CVEs Avg CVSS 7.9 MITRE
13
CRITICAL
31
HIGH
11
MEDIUM
1
LOW
13
POC
0
KEV

Monthly

CVE-2026-58659 HIGH POC PATCH This Week

Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious checkpoint file to execute arbitrary code. The flaw lives in the _load_state routine, which imports and calls the module path named in a checkpoint's _instantiator hyperparameter, letting a crafted .ckpt bypass torch's weights_only=True safeguard when LightningModule.load_from_checkpoint is invoked. Reported by VulnCheck, it is fixed in commit d710d68 (PR #21832) via an instantiator allowlist, and publicly available exploit code exists though it is not listed in CISA KEV.

Checkpoint RCE Pytorch Lightning
NVD GitHub
CVSS 4.0
8.4
CVE-2026-40008 CRITICAL PATCH Act Now

Unsafe reflection in Apache IoTDB's pipe processor lets a user-supplied fully qualified Java class name be loaded and instantiated via Class.forName().newInstance() with no allowlisting, enabling arbitrary class loading and likely remote code execution in the database server process. It affects all releases from 1.0.0 up to (but not including) 2.0.10 and is fixed in 2.0.10. No public exploit identified at time of analysis, and EPSS is low (0.25%, 17th percentile), though CISA SSVC rates the technical impact as total and considers exploitation automatable.

Java Information Disclosure Apache Apache Iotdb
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-24246 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Nvidia Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-13772 CRITICAL PATCH Act Now

Arbitrary constructor invocation (leading to code execution) in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 lets an authenticated remote attacker who can influence an application-built Object Query Language (OQL) query force the engine to resolve attacker-named classes via Class.forName() and instantiate them without any allow-list. Three distinct sinks are affected (SELECT NEW, enum literals, and reflection-based comparators), and a SELECT DISTINCT variant using planted grid values triggers the gadget post-readObject in a way that bypasses JEP-290 serialization filters across grid nodes. There is no public exploit identified at time of analysis and EPSS is low (0.27%), but the CVSS 9.9 scope-changing impact makes this a high-priority patch for exposed grid deployments.

IBM Information Disclosure Websphere Extreme Scale
NVD VulDB
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-57284 MEDIUM This Month

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Jenkins Information Disclosure Jenkins Pipeline
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-48517 NuGet MEDIUM PATCH GHSA This Month

Typeless deserialization in MessagePack-CSharp allows blocked types to be instantiated by wrapping them inside arrays or generic type constructs, bypassing the ThrowIfDeserializingTypeIsDisallowed safety check. Applications using typeless deserialization on MessagePack-CSharp prior to versions 2.5.301 (2.x branch) and 3.1.7 (3.x branch) are exposed. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects high attack complexity and the prerequisite that typeless deserialization must be enabled and attacker-controlled input must reach the deserializer.

Deserialization Messagepack Csharp
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-44795 Maven HIGH PATCH GHSA This Week

Remote code execution in Spinnaker's Rosco and Orca services arises because YAML input is parsed with SnakeYAML's unsafe default Constructor rather than a SafeConstructor, letting authenticated users who trigger CloudFormation deployments or CloudFoundry baking load arbitrary Java classes. An attacker with pipeline access can supply a crafted YAML tag (e.g. !!javax.script.ScriptEngineManager) to instantiate dangerous classes and reach code execution on the affected service host. No public weaponized exploit is identified, though the vendor fix commit ships tests demonstrating the arbitrary-object-instantiation primitive, and the flaw is not listed in CISA KEV.

Java Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2026-49287 PHP HIGH PATCH GHSA This Week

Integrity and availability loss in Statamic CMS versions prior to 5.73.23 and 6.20.0 allows remote attackers to destroy content and assets by manipulating sort parameters that flow into in-memory collection sorting. This is an incomplete-fix follow-up to CVE-2026-41175 (CWE-470, unsafe reflection / method invocation), where the original patch covered the query builder but not the in-memory sort path. No public exploit identified at time of analysis and not in CISA KEV; exploitation requires a non-default template configuration that pipes visitor input into a tag's sort parameter.

Information Disclosure Cms
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2026-48817 PyPI MEDIUM PATCH GHSA This Month

Starlette's HTTPEndpoint dispatcher allows remote unauthenticated attackers to invoke arbitrary internal Python instance methods as HTTP handlers by sending non-standard HTTP method names that resolve to endpoint attributes via getattr, effectively circumventing authorization logic guarding intended public handlers. Applications built on Starlette - including FastAPI - are affected when HTTPEndpoint subclasses are registered via Route(...) without an explicit methods= argument and those subclasses expose internal methods whose lowercased names match non-standard HTTP token shapes. No public exploit or active exploitation has been identified at time of analysis; a vendor-released patch is available in starlette 1.1.0.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-46718 Maven MEDIUM PATCH This Month

Unsafe reflection in Apache Calcite 1.5.0 through 1.41 allows unauthenticated remote attackers to supply externally-controlled input that influences class or code selection at runtime, resulting in partial confidentiality and integrity impact (CVSS C:L/I:L). The vulnerability stems from CWE-470, where user-supplied input is used unsanitized to drive Java reflection operations. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.02% (7th percentile) indicates low community-assessed exploitation probability at time of analysis.

Information Disclosure Apache Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVSS 8.4
HIGH POC PATCH This Week

Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious checkpoint file to execute arbitrary code. The flaw lives in the _load_state routine, which imports and calls the module path named in a checkpoint's _instantiator hyperparameter, letting a crafted .ckpt bypass torch's weights_only=True safeguard when LightningModule.load_from_checkpoint is invoked. Reported by VulnCheck, it is fixed in commit d710d68 (PR #21832) via an instantiator allowlist, and publicly available exploit code exists though it is not listed in CISA KEV.

Checkpoint RCE Pytorch Lightning
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe reflection in Apache IoTDB's pipe processor lets a user-supplied fully qualified Java class name be loaded and instantiated via Class.forName().newInstance() with no allowlisting, enabling arbitrary class loading and likely remote code execution in the database server process. It affects all releases from 1.0.0 up to (but not including) 2.0.10 and is fixed in 2.0.10. No public exploit identified at time of analysis, and EPSS is low (0.25%, 17th percentile), though CISA SSVC rates the technical impact as total and considers exploitation automatable.

Java Information Disclosure Apache +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Nvidia Information Disclosure RCE +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Arbitrary constructor invocation (leading to code execution) in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 lets an authenticated remote attacker who can influence an application-built Object Query Language (OQL) query force the engine to resolve attacker-named classes via Class.forName() and instantiate them without any allow-list. Three distinct sinks are affected (SELECT NEW, enum literals, and reflection-based comparators), and a SELECT DISTINCT variant using planted grid values triggers the gadget post-readObject in a way that bypasses JEP-290 serialization filters across grid nodes. There is no public exploit identified at time of analysis and EPSS is low (0.27%), but the CVSS 9.9 scope-changing impact makes this a high-priority patch for exposed grid deployments.

IBM Information Disclosure Websphere Extreme Scale
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Jenkins Information Disclosure Jenkins Pipeline
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Typeless deserialization in MessagePack-CSharp allows blocked types to be instantiated by wrapping them inside arrays or generic type constructs, bypassing the ThrowIfDeserializingTypeIsDisallowed safety check. Applications using typeless deserialization on MessagePack-CSharp prior to versions 2.5.301 (2.x branch) and 3.1.7 (3.x branch) are exposed. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects high attack complexity and the prerequisite that typeless deserialization must be enabled and attacker-controlled input must reach the deserializer.

Deserialization Messagepack Csharp
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Spinnaker's Rosco and Orca services arises because YAML input is parsed with SnakeYAML's unsafe default Constructor rather than a SafeConstructor, letting authenticated users who trigger CloudFormation deployments or CloudFoundry baking load arbitrary Java classes. An attacker with pipeline access can supply a crafted YAML tag (e.g. !!javax.script.ScriptEngineManager) to instantiate dangerous classes and reach code execution on the affected service host. No public weaponized exploit is identified, though the vendor fix commit ships tests demonstrating the arbitrary-object-instantiation primitive, and the flaw is not listed in CISA KEV.

Java Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Integrity and availability loss in Statamic CMS versions prior to 5.73.23 and 6.20.0 allows remote attackers to destroy content and assets by manipulating sort parameters that flow into in-memory collection sorting. This is an incomplete-fix follow-up to CVE-2026-41175 (CWE-470, unsafe reflection / method invocation), where the original patch covered the query builder but not the in-memory sort path. No public exploit identified at time of analysis and not in CISA KEV; exploitation requires a non-default template configuration that pipes visitor input into a tag's sort parameter.

Information Disclosure Cms
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Starlette's HTTPEndpoint dispatcher allows remote unauthenticated attackers to invoke arbitrary internal Python instance methods as HTTP handlers by sending non-standard HTTP method names that resolve to endpoint attributes via getattr, effectively circumventing authorization logic guarding intended public handlers. Applications built on Starlette - including FastAPI - are affected when HTTPEndpoint subclasses are registered via Route(...) without an explicit methods= argument and those subclasses expose internal methods whose lowercased names match non-standard HTTP token shapes. No public exploit or active exploitation has been identified at time of analysis; a vendor-released patch is available in starlette 1.1.0.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unsafe reflection in Apache Calcite 1.5.0 through 1.41 allows unauthenticated remote attackers to supply externally-controlled input that influences class or code selection at runtime, resulting in partial confidentiality and integrity impact (CVSS C:L/I:L). The vulnerability stems from CWE-470, where user-supplied input is used unsanitized to drive Java reflection operations. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.02% (7th percentile) indicates low community-assessed exploitation probability at time of analysis.

Information Disclosure Apache Red Hat
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy