Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE 16.0 Jackson Annotations Important Security Fix 2026-22504-1

suse
Calendar Grey July 6, 2026
Dist Suse Esm H88
SUSE updates address significant vulnerabilities in jackson-annotations and related packages. Immediate action recommended.
An update that solves four vulnerabilities and has one fix can now be installed.

Summary

## This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues * CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation (bsc#1268897). * CVE-2026-54513: jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (bsc#1268898). * CVE-2026-54514: InetSocketAddress deserialization triggers eager DNS resolution (bsc#1268899). * CVE-2026-54515: jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties (bsc#1268902). * document length constraint bypass in blocking, async, and DataInput parsers (bsc#1268603). Changes for jackson-annotations: * Update to 2.18.8 * No changes since 2.17.3

References

* bsc#1268603

* bsc#1268897

* bsc#1268898

* bsc#1268899

* bsc#1268902

Cross-

* CVE-2026-54512

* CVE-2026-54513

* CVE-2026-54514

* CVE-2026-54515

CVSS scores:

* CVE-2026-54512 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-54512 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-54513 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-54513 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-54513 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-54514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-54514 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-54515 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:22504-1
Release Date: 2026-07-01T09:06:57Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here