CVE-2026-6009

Jaspersoft Library Deserialisation Vulnerability

CVSS 8.7 HIGHEPSS 0.5%CWE-502

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Jaspersoft · JasperReports IO At-Scale Jaspersoft · JasperReports IO Professional Jaspersoft · JasperReports Library Community Edition Jaspersoft · JasperReports Library Professional Jaspersoft · JasperReports Server Jaspersoft · JasperReports Web Studio Jaspersoft · Jaspersoft Studio Community Edition Jaspersoft · Jaspersoft Studio Professional

public PoCs found — 1

githubgithub.com/Pumila03/CVE-2026-6009★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-may-19-2026-jaspersoft-library-cve-2026-6009-r11/