Jaspersoft Library Deserialisation Vulnerability_CVE-2026-6009

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

AI Analysis

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE)

Basic Information

ID CVE-2026-6009

Source Jaspersoft

Published May 19, 2026 at 17:23

Modified May 19, 2026 at 17:55

Affected Product

Vendor Jaspersoft

Product JasperReports Library Community Edition

Affected Versions Jaspersoft JasperReports Library Community Edition 0
Jaspersoft Jaspersoft Studio Community Edition 0
Jaspersoft JasperReports Server 0
Jaspersoft JasperReports Library Professional 0
Jaspersoft Jaspersoft Studio Professional 0
Jaspersoft JasperReports IO Professional 0
Jaspersoft JasperReports IO At-Scale 0
Jaspersoft JasperReports Web Studio 0

CWE Classification

CWE-502

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Jaspersoft

Product JasperReports Library

References

community.jaspersoft.com /advisories/jaspersoft-security-advisory-may-19-2026-jaspersoft-library-cve-2026-6009-r11/

{
    "lastseen": "",
    "description": "Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to\u00a0Remote Code Execution (RCE), potentially allowing code execution on the affected system",
    "published": "2026-05-19T17:23:40.646Z",
    "modified": "2026-05-19T17:55:06.156Z",
    "type": "cve",
    "title": "Jaspersoft Library Deserialisation Vulnerability",
    "source": "Jaspersoft",
    "references": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-may-19-2026-jaspersoft-library-cve-2026-6009-r11/",
    "id": "CVE-2026-6009",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Jaspersoft JasperReports Library Community Edition 0\nJaspersoft Jaspersoft Studio Community Edition 0\nJaspersoft JasperReports Server 0\nJaspersoft JasperReports Library Professional 0\nJaspersoft Jaspersoft Studio Professional 0\nJaspersoft JasperReports IO Professional 0\nJaspersoft JasperReports IO At-Scale 0\nJaspersoft JasperReports Web Studio 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JasperReports Library Community Edition",
    "version": "0",
    "vendor": "Jaspersoft",
    "ai_description": "Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE)",
    "ai_severity": "High",
    "ai_vendor": "Jaspersoft",
    "ai_product": "JasperReports Library",
    "ai_version": "0",
    "ai_score": 8.7
}