VYPR

Maven package

org.apache.storm/storm-client

pkg:maven/org.apache.storm/storm-client

Vulnerabilities (2)

  • CVE-2026-41081, Med, Apr 27, 2026
    affected < 2.8.7, fixed 2.8.7

    Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configurat

  • CVE-2026-35337, Hig, Apr 13, 2026
    affected < 2.8.6, fixed 2.8.6

    Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without