Every CVE whose affected-product data names Apache Mina, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-47065 — CVSS 9.8 (critical): ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When…
CVE-2026-42778 — CVSS 9.8 (critical): The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for…
CVE-2026-42779 — CVSS 9.8 (critical): The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's…
CVE-2024-52046 — CVSS 9.8 (critical): The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks…
CVE-2026-41409 — CVSS 9.8 (critical): The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be…
CVE-2026-41635 — CVSS 9.8 (critical): Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the…
CVE-2019-0231 — CVSS 7.5 (high): Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to…
CVE-2021-41973 — CVSS 6.5 (medium): In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed…