Inlong

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-27531 CRITICAL PATCH Act Now

Critical deserialization of untrusted data vulnerability in Apache InLong versions 1.13.0 through 2.0.x that allows authenticated attackers to read arbitrary files through parameter manipulation ('double writing' the param). With a CVSS 9.8 score and network-based attack vector requiring no user interaction, this represents a high-severity information disclosure risk affecting data ingestion pipeline deployments.

Deserialization Apache Java Information Disclosure Inlong
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-27528 CRITICAL PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-27526 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-27522 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-27531
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Critical deserialization of untrusted data vulnerability in Apache InLong versions 1.13.0 through 2.0.x that allows authenticated attackers to read arbitrary files through parameter manipulation ('double writing' the param). With a CVSS 9.8 score and network-based attack vector requiring no user interaction, this represents a high-severity information disclosure risk affecting data ingestion pipeline deployments.

Deserialization Apache Java +2
NVD GitHub
CVE-2025-27528
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVE-2025-27526
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVE-2025-27522
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy