VYPR

Fory

by Apache

Source repositories

CVEs (2)

  • CVE-2026-48207CriMay 21, 2026
    risk 0.57cvss 9.8epss 0.01

    Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data…

  • CVE-2026-50076CriJun 4, 2026
    risk 0.52cvss 9.1epss 0.01

    Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present…