Java Deserialization RCE in Jaspersoft Reports Library
CVE-2026-6009 Published on May 19, 2026

Jaspersoft Library Deserialisation Vulnerability
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-6009 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Affected Versions

Jaspersoft JasperReports Library Community Edition:

Before and including 7.0.6 is affected.

Jaspersoft Studio Community Edition:

Before and including 7.0.6 is affected.

Jaspersoft JasperReports Server:

Before and including 10.0.0 is affected.

Jaspersoft JasperReports Library Professional:

Before and including 10.0.0 is affected.

Jaspersoft Studio Professional:

Before and including 10.0.0 is affected.

Jaspersoft JasperReports IO Professional:

Before and including 10.0.0 is affected.

Jaspersoft JasperReports IO At-Scale:

Before and including 10.0.0 is affected.

Jaspersoft JasperReports Web Studio:

Before and including 10.0.1 is affected.

Java Deserialization RCE in Jaspersoft Reports LibraryCVE-2026-6009 Published on May 19, 2026

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Affected Versions

Java Deserialization RCE in Jaspersoft Reports Library
CVE-2026-6009 Published on May 19, 2026