CVE-2020-26217

January 4, 2021

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Summary:

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Reference Links:

https://x-stream.github.io/CVE-2020-26217.html

CVSSv3 Vector String:

8.8

CVSSv2 Score

9.3

You may have missed

hkcert

Ubuntu Linux Kernel Multiple Vulnerabilities

July 2, 2025
hkcert

Microsoft Edge Multiple Vulnerabilities

July 2, 2025
hkcert

Google Chrome Data Manipulation Vulnerability

July 2, 2025
image

CVE Alert: CVE-2025-53107

July 2, 2025
image

CVE Alert: CVE-2025-52294

July 2, 2025