Igniterealtime Smack Security Vulnerabilities in 2026

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Igniterealtime Smack.

By the Year

In 2026 there have been 0 vulnerabilities in Igniterealtime Smack.

Year	Vulnerabilities	Average Score
2026	0	0.00

It may take a day or so for new Smack vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Igniterealtime Smack Security Vulnerabilities

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set
CVE-2016-10027 5.9 - Medium - January 12, 2017

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.

Race Condition

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which
CVE-2014-0363 - April 30, 2014

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Improper Certificate Validation

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which
CVE-2014-0364 - April 30, 2014

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.

Insufficient Verification of Data Authenticity

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Igniterealtime Smack or by Igniterealtime? Click the Watch button to subscribe.

Igniterealtime
Vendor

Igniterealtime Smack
Product

Igniterealtime Smack

Don't miss out!

By the Year

Recent Igniterealtime Smack Security Vulnerabilities

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set CVE-2016-10027 5.9 - Medium - January 12, 2017

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which CVE-2014-0363 - April 30, 2014

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which CVE-2014-0364 - April 30, 2014