Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass
Critical severity
GitHub Reviewed
Published
Jun 3, 2026
to the GitHub Advisory Database
•
Updated Jul 13, 2026
Package
Affected versions
>= 2.2.0, < 2.2.8
>= 2.1.0, < 2.1.13
< 2.0.29
Patched versions
2.2.8
2.1.13
2.0.29
Description
Published by the National Vulnerability Database
Jun 3, 2026
Published to the GitHub Advisory Database
Jun 3, 2026
Reviewed
Jul 13, 2026
Last updated
Jul 13, 2026
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy
Assessment: Fully addressed.
When the serialised stream contains a TC_PROXYCLASSDESC (the marker for a java.lang.reflect.Proxy ), JDK’s ObjectInputStream.readProxyDesc() is dispatched. JDK then calls the default ObjectInputStream.resolveProxyClass(interfaces) implementation, which performs Class.forName(intf, false, latestUserDefinedLoader()) for EACH interface name and constructs the proxy class — bypassing the accepted classes list .
ZDRES-233: Class.forName(name, initialize=true, classLoader) in readClassDescriptor Triggers Static Initialiser of Allow-Listed Classes
Assessment: Fully addressed.
For ANY class on the allow-list, deserialising a stream that names it triggers the class’s (static initialiser) BEFORE any instance is constructed. This means an attacker who supplies a class name on the allow-list (e.g., the developer wrote accept(“com.myapp.*") , attacker supplies com.myapp.SomeClass ) causes of SomeClass — and many real-world classes have side-effecting static initialisers
Both issues have been fixed.
References