NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41586

Summary	Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter. This is a classic Java deserialization RCE pattern. At time of publication, there are no publicly available patches.
Publication Date	May 7, 2026, 3:16 p.m.
Registration Date	May 8, 2026, 4:09 a.m.
Last Update	May 8, 2026, 1:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/hyperledger/fabric/security/advisories/GHSA-prf8-cf2x-rhx7	security-advisories@github.com
2	https://hyperledger.github.io/fabric-gateway	security-advisories@github.com
3	https://github.com/hyperledger/fabric/security/advisories/GHSA-prf8-cf2x-rhx7	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html