PatchSiren

Jaspersoft CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Jaspersoft CVE published 2026-05-19

CVE-2026-6009

CVE-2026-6009 is a high-severity Java deserialization vulnerability described in the supplied source corpus as affecting a Jaspersoft Reports Library context and potentially enabling remote code execution on the affected system. The official NVD record was published on 2026-05-19 and was still marked "Awaiting Analysis" in the provided data, so the precise affected product scope should be treated cautious [truncated]

CRITICAL Jaspersoft CVE published 2025-12-09

CVE-2025-10492

CVE-2025-10492 is a critical Java deserialization vulnerability in a third-party JasperReports/Jaspersoft component used by Hitachi Energy Ellipse for custom reports. According to the advisory, improperly handled externally supplied data could let an attacker execute arbitrary code remotely on affected systems. CISA’s advisory was initially released on 2026-02-24 and republished on 2026-04-02 with the ven [truncated]