A vulnerability, which was classified as problematic, was found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue.

This vulnerability is referenced as CVE-2026-14685. The attack can only be performed from a local environment. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.