CVE-2026-41586

CRITICAL SEVERITY

Vulnerability Description

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter. This is a classic Java deserialization RCE pattern. At time of publication, there are no publicly available patches.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

May 07, 2026

CWE ID

CWE-502

Source

GitHub

Vendor

maven

Product

org.hyperledger.fabric-sdk-java:fabric-sdk-java

External References

https://github.com/hyperledger/fabric/security/advisories/GHSA-prf8-cf2x-rhx7
https://hyperledger.github.io/fabric-gateway
https://github.com/advisories/GHSA-prf8-cf2x-rhx7

CVE-2026-41586

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment