Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Fory  >> 1.0.0  Security Vulnerabilities
CVE-2026-50076
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via crafted Fory serialized data. Users are recommended to upgrade to version 1.1.0 or later, which fixes this issue.
CVSS Score
9.1
EPSS Score
0.005
Published
2026-06-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved