Home / mailings [USN-8465-1] Apache MINA vulnerabilities
Posted on 25 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8465-1
June 23, 2026
mina2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Apache MINA could be made to run programs if it received specially crafted
network traffic.
Software Description:
- mina2: Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily
Details:
It was discovered that Apache MINA lacked an acceptMatchers allowlist
mechanism to restrict which classes could be deserialized. An attacker
could use this to execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52046)
It was discovered that Apache MINA's deserialization filter could be
bypassed via multiple code paths. An attacker could use this to execute
arbitrary code by sending a specially crafted serialized object over the
network. (CVE-2026-42778, CVE-2026-42779, CVE-2026-47065)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
libmina2-java 2.2.1-4ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 24.04 LTS
libmina2-java 2.2.1-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libmina2-java 2.1.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8465-1
CVE-2024-52046, CVE-2026-42778, CVE-2026-42779, CVE-2026-47065
--===============5594379124346929650==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
