Heap Buffer Overflow Vulnerability in Jansi JNI by Fusesource
CVE-2026-8484

4.8MEDIUM

Key Information:

Vendor: Fusesource
Status: Jansi
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-8484?

A heap buffer overflow vulnerability has been identified in the Jansi JNI implementation, specifically within the 'ioctl()' wrapper. This issue arises from the absence of adequate size verification for the argument array before executing a system call, potentially leading to heap corruption. As a consequence, this vulnerability can cause significant application crashes, resulting in denial-of-service (DoS) scenarios. It is important to note that all versions of the Jansi product are affected, and the project is currently unmaintained, which increases the risk of exploitation.

Affected Version(s)

jansi 0 <= 2.4.3

References

https://cert.pl/en/posts/2026/06/CVE-2026-8484

third-party-advisory

https://github.com/fusesource/jansi/tree/master

product

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 13, 2026

Credit

Michał Majchrowicz (AFINE)

Marcin Wyczechowski (AFINE)

CVE-2026-8484 Data

JSON