VYPR

Karaf Decanter

by Apache

Source repositories

CVEs (1)

  • CVE-2026-24656Jan 26, 2026
    risk 0.00cvss epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket…