CVE-2026-33728P2CRITICALCVSS 9.8≥ 0.40.0, < 1.60.3·v>= 0.40.0, < 1.60.32026-03-27
CVE-2026-33728 [CRITICAL] CWE-502 CVE-2026-33728: dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to
dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could ex
nvd