CVE-2026-6009
Publication date 19 May 2026
Last updated 26 June 2026
Ubuntu priority
Description
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| jasperreports | 26.04 LTS resolute | Not in release |
| 25.10 questing | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v4.0
Base score
8.7 · High
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N