Ubuntu 26.04 Apache MINA Important Remote Code Execution Vuln 8465-1
ubuntu
June 25, 2026
Apache MINA could be made to run programs if it received specially crafted network traffic.
Summary
Apache MINA could be made to run programs if it received specially crafted
network traffic.
Software Description:
- mina2: Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily
Details:
It was discovered that Apache MINA lacked an acceptMatchers allowlist
mechanism to restrict which classes could be deserialized. An attacker
could use this to execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52046)
It was discovered that Apache MINA's deserialization filter could be
bypassed via multiple code paths. An attacker could use this to execute
arbitrary code by sending a specially crafted serialized object over the
network. (CVE-2026-42778, CVE-2026-42779, CVE-2026-47065)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
libmina2-java 2.2.1-4ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 24.04 LTS
libmina2-java 2.2.1-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libmina2-java 2.1.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-8465-1
CVE-2024-52046, CVE-2026-42778, CVE-2026-42779, CVE-2026-47065
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8465-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!