DTStack chunjun <1.16.1 Deserialization of Untrusted Data Vulnerability
CVE-2026-4735 Published on March 24, 2026

A stack overflow and DoS vulnerability in DTStack/chunjun
Deserialization of Untrusted Data vulnerability in DTStack chunjun (chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1.

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-4735 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Affected Versions

DTStack chunjun:

Before 1.16.1 is affected.

Exploit Probability

EPSS

0.05%

Percentile

16.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

DTStack chunjun <1.16.1 Deserialization of Untrusted Data VulnerabilityCVE-2026-4735 Published on March 24, 2026

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Affected Versions

Exploit Probability

DTStack chunjun <1.16.1 Deserialization of Untrusted Data Vulnerability
CVE-2026-4735 Published on March 24, 2026