Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN575
_____________________________________________________________________

DATE                : 02/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Calcite versions prior
                                       to 1.42.

=====================================================================
https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v
_____________________________________________________________________

CVE-2026-46718: Apache Calcite: A user-controled model can load
arbitrary classes, leading to code execution

Severity: moderate 

Affected versions:

- Apache Calcite (org.apache.calcite:calcite-core) 1.5.0 before 1.42

Description:

Use of Externally-Controlled Input to Select Classes or Code
('Unsafe Reflection') vulnerability in Apache Calcite.

This issue affects Apache Calcite: from 1.5.0 before 1.42.

Users are recommended to upgrade to version 1.42, which fixes the
issue.

This issue is being tracked as CALCITE-7532 

Credit:

pyn3rd (finder)
uname (finder)
4ra1n (finder)

References:

https://calcite.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-46718
https://issues.apache.org/jira/browse/CALCITE-7532

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================