BIT-activemq-2020-26217

Risk Scores

Affected Products

Exploit Intelligence

• CVE-2020-26217 && XStream RCE (github-poc-repo)
• xstream with CVE-2020-26217 (github-poc-repo)
• cuijiung/xstream-CVE-2020-26217 (github-poc-repo)
• CVE-2020-26217 XStream反序列化的poc (github-poc-repo)
• CVE-2020-26217 XStream反序列化的poc (github-poc)
• shoucheng3/x-stream__xstream_CVE-2020-26217_1-4-14-java77 (github-poc)
• cuijiung/xstream-CVE-2020-26217 (github-poc)
• xstream with CVE-2020-26217 (github-poc)
• CVE-2020-26217 && XStream RCE (github-poc)
• CVE-2020-26217 XStream RCE POC (github-poc)

…and 2 more exploits

Timeline

• Dec 3, 2025 CVE Published
• Dec 3, 2025 CVE Updated
• Apr 30, 2026 Distribution Patch

References

• https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a url
• https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2 url
• https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e%40%3Cissues.activemq.apache.org%3E url
• https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9%40%3Ccommits.camel.apache.org%3E url
• https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c%40%3Cissues.activemq.apache.org%3E url
• https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3%40%3Cissues.activemq.apache.org%3E url
• https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html url
• https://nvd.nist.gov/vuln/detail/CVE-2020-26217 url
• https://security.netapp.com/advisory/ntap-20210409-0004/ url
• https://www.debian.org/security/2020/dsa-4811 url
• https://www.oracle.com//security-alerts/cpujul2021.html url
• https://www.oracle.com/security-alerts/cpuApr2021.html url
• https://www.oracle.com/security-alerts/cpuapr2022.html url
• https://www.oracle.com/security-alerts/cpujan2022.html url
• https://www.oracle.com/security-alerts/cpuoct2021.html url
• https://x-stream.github.io/CVE-2020-26217.html url