Jasperreports Web Studio CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-6009	1 Jaspersoft	8 Jasperreports Io At-scale, Jasperreports Io Professional, Jasperreports Library Community Edition and 5 more	2026-05-20	N/A
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
CVE-2025-10492	2 Cloud, Jaspersoft	6 Jasperreports Io, Jasperreports Library, Jasperreports Server and 3 more	2026-02-10	9.8 Critical
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Page 1 of 1.