CVE-2026-10532 in logback

Summary

by MITRE • 01/06/2026

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted.

More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer can instantiate Proxy objects.


Although deserialization is heavily restricted by HardenedObjectInputStream and no practical way to achieve remote code execution or significant privilege escalation has been identified, this issue constitutes a bypass of the intended security restrictions.



This issue affects logback: through 1.5.33 inclusive.


Responsible: NCSC.ch

Reserved: 01/06/2026

Disclosure: 01/06/2026

Moderation: accepted

Entry: VDB-367638

CPE: ready

EPSS: 0.00086

KEV: no

Activities: very low
