{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46718", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-05-15T23:55:08.288Z", "datePublished": "2026-06-02T09:17:51.193Z", "dateUpdated": "2026-06-02T14:41:35.506Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.calcite:calcite-core", "product": "Apache Calcite", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.42", "status": "affected", "version": "1.5.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "pyn3rd"}, {"lang": "en", "type": "finder", "value": "uname"}, {"lang": "en", "type": "finder", "value": "4ra1n"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.</p><p>This issue affects Apache Calcite: from 1.5.0 before 1.42.</p><p>Users are recommended to upgrade to version 1.42, which fixes the issue.</p>"}], "value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.\n\nThis issue affects Apache Calcite: from 1.5.0 before 1.42.\n\nUsers are recommended to upgrade to version 1.42, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-470", "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-06-02T09:17:51.193Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v"}], "source": {"defect": ["CALCITE-7532"], "discovery": "EXTERNAL"}, "title": "Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/01/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-02T09:29:32.978Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-02T12:01:46.177456Z", "id": "CVE-2026-46718", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:41:35.506Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/01/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-02T09:29:32.978Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-46718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-02T12:01:46.177456Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:41:31.925Z"}}], "cna": {"title": "Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution", "source": {"defect": ["CALCITE-7532"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "pyn3rd"}, {"lang": "en", "type": "finder", "value": "uname"}, {"lang": "en", "type": "finder", "value": "4ra1n"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Calcite", "versions": [{"status": "affected", "version": "1.5.0", "lessThan": "1.42", "versionType": "semver"}], "packageName": "org.apache.calcite:calcite-core", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.\n\nThis issue affects Apache Calcite: from 1.5.0 before 1.42.\n\nUsers are recommended to upgrade to version 1.42, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.</p><p>This issue affects Apache Calcite: from 1.5.0 before 1.42.</p><p>Users are recommended to upgrade to version 1.42, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-470", "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-06-02T09:17:51.193Z"}}}, "cveMetadata": {"cveId": "CVE-2026-46718", "state": "PUBLISHED", "dateUpdated": "2026-06-02T14:41:35.506Z", "dateReserved": "2026-05-15T23:55:08.288Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2026-06-02T09:17:51.193Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:calcite:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAEA6DBA-E691-48A6-9A79-EB742BB3E496", "versionEndExcluding": "1.42.0", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.\n\nThis issue affects Apache Calcite: from 1.5.0 before 1.42.\n\nUsers are recommended to upgrade to version 1.42, which fixes the issue."}], "id": "CVE-2026-46718", "lastModified": "2026-06-03T02:04:50.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-06-02T10:16:25.377", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/06/01/7"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-470"}], "source": "security@apache.org", "type": "Secondary"}]}

{"bugzilla": {"description": "calcite: org.apache.calcite.avatica/avatica-core: Apache Calcite: Unsafe Reflection vulnerability allows externally-controlled input to select classes or code.", "id": "2484010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484010"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-470", "details": ["Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.\nThis issue affects Apache Calcite: from 1.5.0 before 1.42.\nUsers are recommended to upgrade to version 1.42, which fixes the issue.", "A flaw was found in Apache Calcite when processing specially crafted queries. An authenticated user could trigger unintended application behavior through affected query-processing functionality. Exploitation requires access to the vulnerable feature and is limited to the application's operating context. The issue does not allow direct takeover of the host or unrestricted execution of arbitrary code."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-46718", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Fix deferred", "package_name": "avatica-core", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "avatica-core", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "avatica-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2026-06-02T09:17:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46718\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46718\nhttp://www.openwall.com/lists/oss-security/2026/06/01/7\nhttps://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v"], "statement": "This Moderate flaw in Apache Calcite allows an authenticated attacker to trigger unintended application behavior by submitting specially crafted queries. While exploitation is limited to the application's operating context and does not permit direct host takeover or arbitrary code execution, it could lead to unexpected application states.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.5.0,1.42)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache Calcite", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "calcite", "vendor": "apache"}], "created": "2026-06-02T11:30:07.504902+00:00", "updated": "2026-06-02T16:45:13.257128+00:00", "vendors": ["apache", "apache$PRODUCT$calcite"]}