Java Deserialization Vulnerability in Jaspersoft Reports Library by TIBCO Software
CVE-2026-6009

8.7HIGH

Key Information:

Vendor: Jaspersoft
Status: Jasperreports Library Community Edition; Jaspersoft Studio Community Edition; Jasperreports Server; Jasperreports Library Professional
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-6009?

A Java deserialization vulnerability in the Jaspersoft Reports Library has been identified, which could lead to Remote Code Execution (RCE). This issue allows an attacker to execute arbitrary code on the server running the affected software, potentially compromising the integrity and confidentiality of sensitive data. Users of the Jaspersoft Reports Library should update to the latest versions to mitigate this risk and ensure their systems remain secure.

Affected Version(s)

JasperReports IO At-Scale 0 <= 10.0.0

JasperReports IO Professional 0 <= 10.0.0

JasperReports Library Community Edition 0 <= 7.0.6

References

https://community.jaspersoft.com/advisories/jaspersoft-se...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-6009 Data

JSON