← Voltar para CVEs
CVE-2026-1225
N/ADescricao
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado1/22/2026
Ultima modificacao1/26/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-20
Referencias
https://logback.qos.ch/news.html#1.5.25(vulnerability@ncsc.ch)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.