CNVD-2026-09789 — Vulnetix

CNVD-2026-09789 PUBLISHED CVSS 7.300000190734863 HIGH

Apache Hadoop是一套用于在由通用硬件构建的大型集群上运行应用程序的框架。它实现了Map/Reduce编程范型，计算任务会被分割成小块（多次）运行在不同的节点上。 Apache Hadoop存在越界写入漏洞。该漏洞是由于程序未对用户输入的URI进行严格的边界检查。攻击者可利用该漏洞通过远程发送特制的恶意代码，引发客户端崩溃、数据损坏或执行任意代码。

Risk Scores

CVSS v3.1

7.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Apache Software Foundation	HDFS native client	3.2.0

Timeline

Jan 23, 2026 PoC Published
Jan 23, 2026 PoC Published
Jan 25, 2026 PoC Published
Jan 26, 2026 CVE Published
Jan 26, 2026 PoC Published
Jan 26, 2026 PoC Published
Jan 27, 2026 PoC Published
Feb 2, 2026 PoC Published

References

https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh vendor-advisory
http://www.openwall.com/lists/oss-security/2026/01/23/7 url

Open in Interactive Console →