{"uuid": "55bfd6c8-0c96-4704-85f6-4c8bc7d8b981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42779", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3mq3ptkbix227", "content": "Tuesday\u2019s fuck up - And this time, Apache MINA \u2013 blog.securelayer7.net/cve-2026-427... CVE-2026-42779. The trick is in GeneratePayload.java: a subclass of ObjectOutputStream overrides writeClassDescriptor() to write a single 0x00 byte before each descriptor. #apache #rce #deserialization #cve", "creation_timestamp": "2026-07-07T13:07:25.105386Z"}