Java

vulnerability 2026-05-06
Apache MINA Patches CVE-2026-42778 and CVE-2026-42779: Two Incomplete Fixes Land Back-to-Back as RCE
MINA 2.2.7 and 2.1.12 ship critical patches for two deserialization bypasses that each thread the needle through a previous incomplete fix — the third and fourth iterations of the same root bug stretching back to 2024.
apache-mina cve-2026-42778 cve-2026-42779 deserialization rce incomplete-fix java
vulnerabilities 2026-04-16
CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV as 13-Year-Old Jolokia RCE Sees Active Exploitation
CISA added CVE-2026-34197 to the KEV catalog today with an April 30 patch deadline. The 13-year-old Jolokia MBean flaw yields RCE on the broker JVM and is unauthenticated on ActiveMQ 6.0.0–6.1.1 when chained with CVE-2024-32114.
cve-2026-34197 apache-activemq jolokia rce cisa-kev java spring messaging

Apache MINA Patches CVE-2026-42778 and CVE-2026-42779: Two Incomplete Fixes Land Back-to-Back as RCE