CVE-2026-27830 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-27830 PUBLISHED CVSS 8.899999618530273 HIGH

c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

EPSS 0.17% · 38.5th percentile

Risk Scores

CVSS v4.0

8.899999618530273

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

0.17%

38.5th percentile

Affected Products

Vendor	Product	Versions
AWS	connect
Maven	com.mchange:c3p0	0, 0, 0
swaldman	c3p0	< 0.12.0, < 0.12.0, < 0.12.0
AWS	config

Timeline

Feb 25, 2026 CVE Published
Feb 26, 2026 EPSS Score
Feb 26, 2026 PoC Published
Feb 27, 2026 CVE Updated
Feb 27, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 4, 2026 EPSS Score
Mar 5, 2026 EPSS Score
Mar 6, 2026 EPSS Score

References

Open in Interactive Console →