cbcvebase.
CVE-2026-6009
published 2026-05-19

CVE-2026-6009: Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected…

Priority P2 58 | high 8.7 | CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.48% (37.5th percentile)
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

Affected (8 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jaspersoft | jasperreports_io_at-scale | <= 10.0.0 | |
| jaspersoft | jasperreports_io_professional | <= 10.0.0 | |
| jaspersoft | jasperreports_library_community_edition | <= 7.0.6 | |
| jaspersoft | jasperreports_library_professional | <= 10.0.0 | |
| jaspersoft | jasperreports_server | <= 10.0.0 | |
| jaspersoft | jasperreports_web_studio | <= 10.0.1 | |
| jaspersoft | jaspersoft_studio_community_edition | <= 7.0.6 | |
| jaspersoft | jaspersoft_studio_professional | <= 10.0.0 | |