Description
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy


Assessment: Fully addressed.


When the serialised stream contains a TC_PROXYCLASSDESC (the marker for a java.lang.reflect.Proxy), the JDK's ObjectInputStream.readProxyDesc() is dispatched. The JDK then calls the default ObjectInputStream.resolveProxyClass(interfaces) implementation, which performs Class.forName(intf, false, latestUserDefinedLoader()) for EACH interface name and constructs the proxy class, bypassing the accepted classes list.


ZDRES-233: Class.forName(name, initialize=true, classLoader) in readClassDescriptor Triggers Static Initialiser of Allow-Listed Classes


Assessment: Fully addressed.


For ANY class on the allow-list, deserialising a stream that names it triggers the class's <clinit> (static initialiser) BEFORE any instance is constructed. This means an attacker who supplies a class name on the allow-list (e.g., the developer wrote accept("com.myapp.*"), the attacker supplies com.myapp.SomeClass) causes <clinit> of SomeClass to run, and many real-world classes have side-effecting static initialisers.


Both issues have been fixed.
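The two description entries above describe the same receiver-side gap from two angles: the proxy path never consults the allow-list, and class resolution initialises classes before anything has been checked. The following is an added example written for this page (it is not Apache MINA's fix and does not reflect the project's actual code) of an ObjectInputStream subclass that closes both gaps. The class name HardenedObjectInputStream, the glob-style accept patterns and the NoopHandler used in the demo are assumptions made for the example.

```java
import java.io.*;
import java.lang.reflect.*;
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Illustrative hardened ObjectInputStream (added example, not Apache MINA's code).
// One allow-list covers both ordinary class descriptors and proxy interface names
// (ZDRES-232), and classes are loaded with initialize=false so that a name in the
// stream cannot run a static initialiser before it has been checked (ZDRES-233).
public final class HardenedObjectInputStream extends ObjectInputStream {
    private final List<Pattern> accepted;
    private final ClassLoader loader;

    // Patterns follow the advisory's accept("com.myapp.*") style; "*" matches any characters.
    public HardenedObjectInputStream(InputStream in, ClassLoader loader, String... acceptPatterns)
            throws IOException {
        super(in);
        this.loader = loader;
        this.accepted = Arrays.stream(acceptPatterns)
                .map(HardenedObjectInputStream::globToRegex).collect(Collectors.toList());
    }

    // Assumed glob syntax: every character is literal except "*".
    static Pattern globToRegex(String glob) {
        StringBuilder regex = new StringBuilder();
        for (String literal : glob.split("\\*", -1)) {
            if (regex.length() > 0) regex.append(".*");
            regex.append(Pattern.quote(literal));
        }
        return Pattern.compile(regex.toString());
    }

    // Arrays are judged by their element type ("[[Lcom.myapp.Foo;" -> "com.myapp.Foo"); "[I" is always fine.
    boolean isAccepted(String className) {
        String n = className;
        if (n.startsWith("[")) {
            while (n.startsWith("[")) n = n.substring(1);
            if (n.length() == 1) return true;                         // primitive element type
            if (!n.startsWith("L") || !n.endsWith(";")) return false; // malformed descriptor
            n = n.substring(1, n.length() - 1);
        }
        String element = n;
        return accepted.stream().anyMatch(p -> p.matcher(element).matches());
    }

    private void requireAccepted(String className) throws InvalidClassException {
        if (!isAccepted(className)) {
            throw new InvalidClassException(className, "not on the deserialisation allow-list");
        }
    }

    // ZDRES-233: check the name first; a rejected name never reaches Class.forName, and an
    // accepted one is loaded without initialisation (it is initialised only when instantiated).
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        requireAccepted(desc.getName());
        return Class.forName(desc.getName(), false, loader);
    }

    // ZDRES-232: every proxy interface passes the same allow-list as a normal class.
    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
        Class<?>[] ifaces = new Class<?>[interfaces.length];
        for (int i = 0; i < interfaces.length; i++) {
            requireAccepted(interfaces[i]);
            ifaces[i] = Class.forName(interfaces[i], false, loader);
        }
        try {
            return Proxy.getProxyClass(loader, ifaces);
        } catch (IllegalArgumentException e) {
            throw new ClassNotFoundException("cannot build proxy for " + Arrays.toString(interfaces), e);
        }
    }

    // Constructed handler so that a Proxy instance is serialisable for the demo below.
    static final class NoopHandler implements InvocationHandler, Serializable {
        private static final long serialVersionUID = 1L;
        public Object invoke(Object proxy, Method m, Object[] args) { return null; }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = HardenedObjectInputStream.class.getClassLoader();
        Object proxy = Proxy.newProxyInstance(cl, new Class<?>[] { Runnable.class }, new NoopHandler());
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(proxy); }

        // accept("com.myapp.*") alone: the proxy for java.lang.Runnable is rejected in resolveProxyClass.
        try (ObjectInputStream in = new HardenedObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()), cl, "com.myapp.*")) {
            in.readObject();
            throw new AssertionError("proxy should have been rejected");
        } catch (InvalidClassException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
        // Listing the interface, java.lang.reflect.Proxy (the proxy's serialised superclass) and
        // the handler class explicitly lets the same stream through.
        try (ObjectInputStream in = new HardenedObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()), cl, "java.lang.Runnable",
                "java.lang.reflect.Proxy", HardenedObjectInputStream.class.getName() + "$*")) {
            System.out.println("accepted, is Runnable: " + (in.readObject() instanceof Runnable));
        }
    }
}
```

The design point is that the allow-list decision happens before any Class.forName call and that loading uses initialize=false, so merely naming a class in the stream cannot run its <clinit>; the class is initialised only when an instance is actually allocated, by which time the allow-list has already been applied. Proxies still work when every interface (and java.lang.reflect.Proxy itself, which appears in the stream as the proxy's superclass descriptor) is explicitly accepted. Pairing this with the JDK's java.io.ObjectInputFilter (Java 9 and later) adds the depth, array-size and reference-count limits that this class does not provide.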
Published: 2026-06-03
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Deserialization in Apache MINA can trigger class resolution for java.lang.reflect.Proxy objects. The JDK's resolver loads each listed interface with Class.forName without applying the Maven allow-list, allowing an attacker to create a proxy that bypasses the intended restriction. Additionally, deserializing any class on the allow-list activates its static initializer before any instance is created, so a malicious payload that names an allow-listed class can execute arbitrary code during class loading or proxy creation. These flaws combined provide a high-severity vector for remote code execution and data tampering.

Affected Systems

Apache MINA libraries distributed by the Apache Software Foundation. No specific affected version information is supplied, so any deployment that has not applied the recent fix is potentially susceptible.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical vulnerability, though no EPSS score was provided, so the exploitation probability cannot be quantified. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is remote deserialization of crafted data, which can be facilitated by an attacker who gains the ability to send arbitrary serialized streams to the application. If not prevented, an attacker could execute code with the privileges of the running process.

Generated by OpenCVE AI on June 3, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache MINA to the latest version that incorporates the fix for resolveProxyClass and static initializer abuse.
  • If a patch cannot be applied immediately, harden deserialization by blocking java.lang.reflect.Proxy and rejecting any class names that trigger static initializers, for example using a deserialization filter or strict class whitelist.
  • Ensure that only authenticated and encrypted channels are used for transmitting serialized data to reduce the risk of an attacker sending malicious streams.


Advisories

No advisories yet.

History

Wed, 03 Jun 2026 13:30:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 13:15:00 +0000

Type: First Time appeared
Values removed: (none)
Values added: Apache, Apache mina

Type: Vendors & Products
Values removed: (none)
Values added: Apache, Apache mina

Wed, 03 Jun 2026 11:15:00 +0000

Type: Description
Values removed: (none)
Values added: the Description text shown at the top of this page (ZDRES-232 and ZDRES-233)

Type: Title
Values removed: (none)
Values added: Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

Type: Weaknesses
Values removed: (none)
Values added: CWE-502

Type: References
Values removed: (none)
Values added: (empty)

Type: Metrics
Values removed: (none)
Values added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-06-03T12:46:58.145Z

Reserved: 2026-05-18T16:53:39.555Z

Link: CVE-2026-47065

Vulnrichment

Updated: 2026-06-03T12:46:52.056Z

NVD

Status : Received

Published: 2026-06-03T11:16:19.800

Modified: 2026-06-03T11:16:19.800

Link: CVE-2026-47065

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T13:00:11Z

Weaknesses