CVE-2023-26512

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 17, 2023

Updated: Jul 27, 2023

CWE ID 502

Summary

CVE-2023-26512 is a deserialization vulnerability affecting Apache EventMesh (incubating) versions 1.7.0 and 1.8.0 on Windows, Linux, and macOS platforms. This issue, classified as CWE-502, allows attackers to send malicious RabbitMQ messages that can result in remote code execution. Users can temporarily mitigate this risk by applying the fix found in the project repository's master branch while the new officially released version is being prepared.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sAKMi6
https://www.cve.org/CVERecord?id=CVE-2023-26512
https://nvd.nist.gov/vuln/detail/CVE-2023-26512

Back to Vulnerability Database

CVE-2023-26512

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations