CVE-2026-41635CRITICALCVSS 9.82026-04-27
CVE-2026-41635 [CRITICAL] CWE-502 Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass
Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass
A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the `AbstractIoBuffer.resolveClass()` method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing
redhat