CVE-2026-10532
Description
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted.
More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer can instantiate Proxy objects.
Although deserialization is heavily restricted by HardenedObjectInputStream and no practical way to achieve remote code execution or significant privilege escalation has been identified, this issue constitutes a bypass of the intended security restrictions.
This issue affects logback: through 1.5.33 inclusive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
156- osv-coords155 versionspkg:apk/chainguard/airbyte-server-fipspkg:apk/chainguard/akhqpkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-registrypkg:apk/chainguard/apache-nifi-registry-toolkitpkg:apk/chainguard/cassandra-5.0pkg:apk/chainguard/cassandra-fips-5.0pkg:apk/chainguard/cassandra-reaperpkg:apk/chainguard/dependency-track-apiserver-5pkg:apk/chainguard/kafbat-uipkg:apk/chainguard/kafbat-ui-fipspkg:apk/chainguard/keycloak-config-clipkg:apk/chainguard/keycloak-config-cli-iamguarded-compatpkg:apk/chainguard/knative-kafka-broker-1.21-dispatcher-loompkg:apk/chainguard/knative-kafka-broker-1.21-receiver-loompkg:apk/chainguard/knative-kafka-broker-1.22-dispatcher-loompkg:apk/chainguard/knative-kafka-broker-1.22-receiver-loompkg:apk/chainguard/knative-kafka-broker-fips-1.21-dispatcher-loompkg:apk/chainguard/knative-kafka-broker-fips-1.21-receiver-loompkg:apk/chainguard/knative-kafka-broker-fips-1.22-dispatcher-loompkg:apk/chainguard/knative-kafka-broker-fips-1.22-receiver-loompkg:apk/chainguard/kserve-modelmeshpkg:apk/chainguard/localstackpkg:apk/chainguard/management-api-for-apache-cassandra-4.0pkg:apk/chainguard/management-api-for-apache-cassandra-4.1pkg:apk/chainguard/management-api-for-apache-cassandra-5.0pkg:apk/chainguard/nacospkg:apk/chainguard/nacos-dockerpkg:apk/chainguard/nextflowpkg:apk/chainguard/ontoppkg:apk/chainguard/s3proxypkg:apk/chainguard/s3proxy-fipspkg:apk/chainguard/sonar-scanner-clipkg:apk/chainguard/thingsboard-tb-mqtt-transportpkg:apk/chainguard/thingsboard-tb-nodepkg:apk/chainguard/trinopkg:apk/chainguard/trino-plugin-ai-functionspkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-duckdbpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-exasolpkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-fakerpkg:apk/chainguard/trino-plugin-functions-pythonpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kafka-event-listenerpkg:apk/chainguard/trino-plugin-lakehousepkg:apk/chainguard/trino-plugin-ldap-group-providerpkg:apk/chainguard/trino-plugin-lokipkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-opapkg:apk/chainguard/trino-plugin-openlineagepkg:apk/chainguard/trino-plugin-opensearchpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-snowflakepkg:apk/chainguard/trino-plugin-spooling-filesystempkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/chainguard/zookeeper-3.8pkg:apk/chainguard/zookeeper-3.9pkg:apk/chainguard/zookeeper-fips-3.8pkg:apk/chainguard/zookeeper-fips-3.9pkg:apk/wolfi/akhqpkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-registrypkg:apk/wolfi/apache-nifi-registry-toolkitpkg:apk/wolfi/cassandra-5.0pkg:apk/wolfi/cassandra-reaperpkg:apk/wolfi/keycloak-config-clipkg:apk/wolfi/keycloak-config-cli-iamguarded-compatpkg:apk/wolfi/kserve-modelmeshpkg:apk/wolfi/management-api-for-apache-cassandra-5.0pkg:apk/wolfi/nextflowpkg:apk/wolfi/sonar-scanner-clipkg:apk/wolfi/thingsboard-tb-mqtt-transportpkg:apk/wolfi/thingsboard-tb-nodepkg:apk/wolfi/trinopkg:apk/wolfi/trino-plugin-ai-functionspkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-duckdbpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-exasolpkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-fakerpkg:apk/wolfi/trino-plugin-functions-pythonpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kafka-event-listenerpkg:apk/wolfi/trino-plugin-lakehousepkg:apk/wolfi/trino-plugin-ldap-group-providerpkg:apk/wolfi/trino-plugin-lokipkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-opapkg:apk/wolfi/trino-plugin-openlineagepkg:apk/wolfi/trino-plugin-opensearchpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-snowflakepkg:apk/wolfi/trino-plugin-spooling-filesystempkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:apk/wolfi/zookeeper-3.9pkg:rpm/opensuse/logback&distro=openSUSE%20Tumbleweed
< 2.0.0-r9+ 154 more
- (no CPE)range: < 2.0.0-r9
- (no CPE)range: < 0.27.1-r8
- (no CPE)range: < 2.10.0-r2
- (no CPE)range: < 2.10.0-r2
- (no CPE)range: < 2.10.0-r2
- (no CPE)range: < 5.0.8-r9
- (no CPE)range: < 5.0.8-r4
- (no CPE)range: < 4.2.5-r6
- (no CPE)range: < 5.0.2-r1
- (no CPE)range: < 1.5.0-r9
- (no CPE)range: < 1.5.0-r3
- (no CPE)range: < 6.5.1-r9
- (no CPE)range: < 6.5.1-r9
- (no CPE)range: < 1.21.4-r12
- (no CPE)range: < 1.21.4-r12
- (no CPE)range: < 1.22.2-r5
- (no CPE)range: < 1.22.2-r5
- (no CPE)range: < 1.21.4-r7
- (no CPE)range: < 1.21.4-r7
- (no CPE)range: < 1.22.2-r7
- (no CPE)range: < 1.22.2-r7
- (no CPE)range: < 0.12.0-r37
- (no CPE)range: < 4.14.0-r19
- (no CPE)range: < 0.1.122-r2
- (no CPE)range: < 0.1.122-r2
- (no CPE)range: < 0.1.122-r1
- (no CPE)range: < 3.2.2-r6
- (no CPE)range: < 3.2.2-r3
- (no CPE)range: < 26.04.6-r0
- (no CPE)range: < 5.5.0-r20
- (no CPE)range: < 3.3.0-r4
- (no CPE)range: < 3.3.0-r3
- (no CPE)range: < 8.1.0.6389-r3
- (no CPE)range: < 4.3.1.3-r2
- (no CPE)range: < 4.3.1.3-r2
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 3.8.6-r11
- (no CPE)range: < 3.9.5-r10
- (no CPE)range: < 3.8.6-r11
- (no CPE)range: < 3.9.5-r7
- (no CPE)range: < 0.27.1-r8
- (no CPE)range: < 2.10.0-r2
- (no CPE)range: < 2.10.0-r2
- (no CPE)range: < 2.10.0-r2
- (no CPE)range: < 5.0.8-r9
- (no CPE)range: < 4.2.5-r6
- (no CPE)range: < 6.5.1-r9
- (no CPE)range: < 6.5.1-r9
- (no CPE)range: < 0.12.0-r37
- (no CPE)range: < 0.1.122-r1
- (no CPE)range: < 26.04.6-r0
- (no CPE)range: < 8.1.0.6389-r3
- (no CPE)range: < 4.3.1.3-r2
- (no CPE)range: < 4.3.1.3-r2
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 482-r4
- (no CPE)range: < 3.9.5-r10
- (no CPE)range: < 1.5.34-1.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.