Threats Tagged 'cve-2026-42027'
View all threats tagged with 'cve-2026-42027'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-42027'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-42027: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Apache Software Foundation Apache OpenNLPCVE-2026-42027 0 CVE-2026-42027 is a critical vulnerability in Apache OpenNLP versions before 2.5.9 and before 3.0.0-M3. It involves unsafe reflection where the ExtensionLoader.instantiateExtension method loads classes by name from a model archive manifest before verifying their type, causing static initializers of arbitrary classes on the classpath to execute. This can lead to unintended side effects if those classes have static initializers performing actions like network or filesystem access. Exploitation requires attacker-controlled model archives and suitable classes present on the classpath. The vulnerability is mitigated in fixed versions by introducing a package-prefix allowlist to prevent loading unauthorized classes. Join the discussion | CVE Database V5 | 05/04/2026, 16:43:12 UTC Added: 05/04/2026, 17:06:30 UTC |
Showing 1 to 1 of 1 result