CVE-2026-24807
CVE-2026-24807 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-347.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.3)
- EPSS exploit prediction: 0% (26th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-4759
- Weakness: CWE-347
- Published:
- Last modified:
Description
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media: before v1.0.
Frequently asked questions
- What is CVE-2026-24807?
- Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media: before v1.0.
- How severe is CVE-2026-24807?
- CVE-2026-24807 has a CVSS 4.0 base score of 5.3, rated medium severity.
- Is CVE-2026-24807 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (26th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-24807?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-24807 have an EU (EUVD) identifier?
- Yes. CVE-2026-24807 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-4759.
- When was CVE-2026-24807 published?
- CVE-2026-24807 was published on 2026-01-27 and last updated on 2026-06-17.
References
- https://github.com/liuyueyi/quick-media/pull/123
- https://github.com/css4j/echosvg/discussions/137
- https://github.com/github/advisory-database/pull/7438
- https://github.com/liuyueyi/quick-media/pull/123#issuecomment-4305589308
Other CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities
- CVE-2026-48558 — Critical (CVSS 10.0): SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the…
- CVE-2023-25574 — Critical (CVSS 10.0): `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI).…
- CVE-2024-45409 — Critical (CVSS 10.0): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <=…
- CVE-2024-32962 — Critical (CVSS 10.0): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default…
- CVE-2022-24884 — Critical (CVSS 10.0): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()`…
- CVE-2021-33885 — Critical (CVSS 10.0): An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a…
Browse all CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities →