Primary

Context

Apache Avro Java SDK Code Injection Vulnerability

Vulnerability

Patched

A code injection vulnerability has been identified in the Apache Avro Java SDK, specifically in versions through 1.11.4 and 1.12.0. This vulnerability arises from improper control of code generation when creating specific records from untrusted Avro schemas.

Impact

Exploitation of this vulnerability allows for code injection through the manipulation of untrusted Avro schemas, potentially leading to arbitrary code execution in the context of the application using the Avro Java SDK.

Remediation

Users are advised to upgrade to Apache Avro Java SDK versions 1.12.1 or 1.11.5, both of which address this vulnerability.

Added: Feb 13, 2026, 12:52 PM

Updated: Feb 13, 2026, 7:49 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

2.8

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

2.8

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Avro Java SDK Code Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apache Avro Java SDK

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating