Package details: pkg:maven/org.hyperledger.fabric-sdk-java/fabric-sdk-java@2.2.24
purl pkg:maven/org.hyperledger.fabric-sdk-java/fabric-sdk-java@2.2.24
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability: VCID-t7g7-8thf-bqgc
Aliases: CVE-2026-41586, GHSA-prf8-cf2x-rhx7
Summary: Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter. This is a classic Java deserialization RCE pattern. At time of publication, there are no publicly available patches.
Fixed by: There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date: 2026-06-12T22:14:32.559819+00:00
Actor: GitLab Importer
Action: Affected by
Vulnerability: VCID-t7g7-8thf-bqgc
Source: https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.hyperledger.fabric-sdk-java/fabric-sdk-java/CVE-2026-41586.yml
VulnerableCode Version: 38.6.0