Deserialization of Untrusted Data Vulnerability in Apache InLong by Apache
CVE-2025-27526
6.5MEDIUM
What is CVE-2025-27526?
A deserialization of untrusted data vulnerability in Apache InLong allows attackers to potentially exploit JDBC vulnerabilities with URLEncdoe and backspace bypass. This affects all versions from 1.13.0 up to 2.1.0. To resolve this issue, users are encouraged to upgrade to version 2.2.0 or implement a patch available in the project's GitHub repository.
Affected Version(s)
Apache InLong 1.13 <= 2.1.0