CVE 9.8 CRITICAL

Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass – ZDRES-232_CVE-2026-47065

June 3, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy

Assessment: Fully addressed.

When the serialised stream contains a TC_PROXYCLASSDESC (the marker
for a java.lang.reflect.Proxy ), JDK’s ObjectInputStream.readProxyDesc()
is
dispatched. JDK then calls the default
ObjectInputStream.resolveProxyClass(interfaces) implementation, which
performs Class.forName(intf, false, latestUserDefinedLoader()) for EACH
interface name and constructs the proxy class â€” bypassing the accepted
classes list .

ZDRES-233: Class.forName(name, initialize=true, classLoader) in
readClassDescriptor Triggers Static Initialiser of Allow-Listed Classes

Assessment: Fully addressed.

For ANY class on the allow-list, deserialising a stream that names it triggers the class’s
(static initialiser) BEFORE any instance is constructed. This means an
attacker who supplies a class name on the allow-list (e.g., the
developer wrote accept(“com.myapp.*") , attacker supplies
com.myapp.SomeClass ) causes <clinit> of SomeClass â€” and many
real-world classes have side-effecting static initialisers

Both issues have been fixed.

AI Analysis

Deserialization allow-list bypass via resolveProxyClass in Apache MINA, allowing an attacker to trigger static initializers of allow-listed classes

Basic Information

ID CVE-2026-47065

Source apache

Published Jun 3, 2026 at 09:39

Affected Product

Vendor Apache Software Foundation

Product Apache MINA

Version 2.2.0, 2.1.0, 2.0.0

Affected Versions Apache Software Foundation Apache MINA 2.2.0
Apache Software Foundation Apache MINA 2.1.0
Apache Software Foundation Apache MINA 2.0.0

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Apache Software Foundation

Product Apache MINA

Version 2.2.0, 2.1.0, 2.0.0

References

lists.apache.org /thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj

{
    "lastseen": "",
    "description": "ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\n\n\nAssessment: Fully addressed.\n\n\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK\u2019s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class \u00e2\u20ac\u201d bypassing the accepted\n classes list .\n\n\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\n\n\nAssessment: Fully addressed.\n\n\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class\u2019s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(\u201ccom.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes <clinit> of SomeClass \u00e2\u20ac\u201d and many \nreal-world classes have side-effecting static initialisers\n\n\nBoth issues have been fixed.",
    "published": "2026-06-03T09:39:41.629Z",
    "modified": "2026-06-03T09:39:41.629Z",
    "type": "cve",
    "title": "Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232",
    "source": "apache",
    "references": "https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj",
    "id": "CVE-2026-47065",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache MINA 2.2.0\nApache Software Foundation Apache MINA 2.1.0\nApache Software Foundation Apache MINA 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache MINA",
    "version": "2.2.0, 2.1.0, 2.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Deserialization allow-list bypass via resolveProxyClass in Apache MINA, allowing an attacker to trigger static initializers of allow-listed classes",
    "ai_severity": "Critical",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache MINA",
    "ai_version": "2.2.0, 2.1.0, 2.0.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply