CVE-2026-54516 | FasterXML jackson-databind up to 2.21.3/3.1.3 POJOPropertiesCollector._renameProperties backing dynamically-determined object attributes (GHSA-9fxm-vc8v-hj55)

Inserito da Angelo Barbosa | Giu 23, 2026 | CVE

A vulnerability classified as problematic was found in FasterXML jackson-databind up to 2.21.3/3.1.3. This affects the function POJOPropertiesCollector._renameProperties. Such manipulation of the argument backing leads to dynamically-determined object attributes.

This vulnerability is referenced as CVE-2026-54516. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.

CVE-2026-54516 | FasterXML jackson-databind up to 2.21.3/3.1.3 POJOPropertiesCollector._renameProperties backing dynamically-determined object attributes (GHSA-9fxm-vc8v-hj55)

Post correlati

CVE-2025-0200 | code-projects Point of Sales and Inventory Management System 1.0 /user/search_num.php search sql injection

CVE-2025-9483 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 singlePortForwardAdd ruleName/schedule/inboundFilter stack-based overflow

CVE-2024-3350 | SourceCodester Aplaya Beach Resort Online Reservation System 1.0 admin/mod_room/index.php id sql injection

CVE-2024-1658 | Grid Shortcodes Plugin up to 1.1.0 on WordPress Shortcode Attribute cross site scripting