Unsafe Reflection Vulnerability in Apache Calcite by Apache
CVE-2026-46718

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Calcite
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-46718?

A vulnerability exists in Apache Calcite that allows the use of externally-controlled input to select classes or code, leading to potential security risks. Specifically, this issue impacts versions from 1.5.0 prior to 1.42, which could be exploited to execute unintended commands or access sensitive data. It is crucial for users to upgrade to version 1.42 or higher to mitigate these risks and secure their applications.

Affected Version(s)

Apache Calcite 1.5.0 < 1.42

References

https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzc...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
May 15, 2026

Credit

pyn3rd

uname

4ra1n

CVE-2026-46718 Data

JSON