Apache Hugegraph vulnerabilities

4 known vulnerabilities affecting apache/hugegraph.

Total CVEs: 4
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 1

Vulnerabilities

CVE-2025-26866 | HIGH | CVSS 8.8 | Affected: >= 1.0.0, < 1.7.0 | Published: 2025-12-12
CVE-2025-26866 [HIGH] CWE-502: A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process against object injection attacks. Users are recommended
Source: nvd
CVE-2024-43441 | CRITICAL | CVSS 9.8 | PoC available | Affected: >= 1.0.0, < 1.5.0 | Published: 2024-12-24
CVE-2024-43441 [CRITICAL] CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.
Source: nvd
CVE-2024-27348 | CRITICAL | CVSS 9.8 | CISA KEV | PoC available | Affected: >= 1.0.0, < 1.3.0 | Published: 2024-04-22
CVE-2024-27348 [CRITICAL] CWE-284: RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
Source: nvd
CVE-2024-27349 | CRITICAL | CVSS 9.1 | Affected: >= 1.0.0, < 1.3.0 | Published: 2024-04-22
CVE-2024-27349 [CRITICAL] CWE-290: Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Source: nvd