CVE-2024-26579

9.8 CRITICAL

📋 TL;DR

CVE-2024-26579 is a deserialization-of-untrusted-data (CWE-502) vulnerability in Apache InLong: an attacker can bypass the existing safety checks by supplying malicious parameters, which can lead to arbitrary code execution on the affected host. Affected versions are 1.7.0 through 1.11.0 inclusive; 1.12.0 contains the fix.

💻 Affected Systems

Products:
  • Apache InLong
Versions: 1.7.0 through 1.11.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within the affected version range are vulnerable regardless of configuration.

📦 What is this software?

Apache InLong is an Apache Software Foundation top-level project: a one-stop integration framework for massive data that covers collection (agent), ingestion (dataproxy), sorting and transport, managed through a central manager service and web dashboard. The manager and dashboard expose HTTP APIs, which is where externally supplied request parameters enter the system.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Unauthorized access to sensitive data, service disruption, or privilege escalation within the InLong application.

🟢

If Mitigated

Limited impact where InLong endpoints are reachable only from trusted networks and request parameters are filtered upstream, but the 9.8 score (network-reachable, no privileges, no user interaction required) means the risk stays high until the patch is applied.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A 9.8 base score corresponds to the CVSS 3.x vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no privileges and no user interaction. No public proof of concept is listed above, but "bypass via malicious parameters" describes a request-level trick rather than a memory-corruption exploit, so treat exploitation as straightforward once the bypass is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12.0

Vendor Advisory: https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3

Restart Required: Yes

Instructions:

1. Upgrade Apache InLong to version 1.12.0 or later.
2. If you build from source and cannot move to 1.12.0 yet, cherry-pick the fix commits from GitHub PRs #9694 (https://github.com/apache/inlong/pull/9694) and #9707 (https://github.com/apache/inlong/pull/9707), as the advisory recommends; both are needed.
3. Restart all InLong services after patching.

🔧 Temporary Workarounds

Network Isolation (Linux)

Restrict network access to InLong services to trusted sources only. Each InLong component (manager, dataproxy, dashboard, audit) listens on its own port, so repeat the pair for every exposed port. The ACCEPT rule must come before the DROP, and an earlier rule that already accepts the port will shadow both, so review the existing chain first and persist the rules so they survive a reboot.

iptables -A INPUT -p tcp --dport [INLONG_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [INLONG_PORT] -j DROP

Input Validation Proxy (all platforms)

Deploy a reverse proxy in front of the InLong HTTP endpoints and restrict requests to the parameters and value formats your integrations actually use. Treat this as defence in depth only: the advisory text does not name the bypass parameters (only the fix PRs show what changed), so a generic rule cannot be assumed to block them.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to InLong services
  • Deploy a web application firewall (WAF) with deserialization attack detection rules, accepting that signature-based rules give partial coverage at best and are not a substitute for the patch

🔍 How to Verify

Check if Vulnerable:

Determine the running InLong version (see below). Any version from 1.7.0 through 1.11.0 inclusive is vulnerable. Compare versions numerically, not as strings: a string comparison sorts 1.10.0 before 1.9.0.

Check Version:

Read the version from the InLong web interface, or from the version string embedded in the deployed component artifacts and configuration files. With several components deployed (manager, dataproxy, agent, dashboard), check each one; mixed-version deployments are common after partial upgrades.

Verify Fix Applied:

Verify version is 1.12.0 or later, or confirm that GitHub PRs #9694 and #9707 have been applied to the codebase.
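The following script is an added example, not part of this advisory or of the Apache InLong project. It implements the affected-range check above on a version string however you obtained it (web UI text, an artifact file name, a pom.xml line), compares numerically so that 1.10.0 is correctly placed after 1.9.0, and flags SNAPSHOT builds, which carry the next version number before the fix PRs are necessarily present. The artifact file names in the sample inputs are constructed and not InLong's real naming.

```python
"""Affected-version check for CVE-2024-26579 (Apache InLong 1.7.0 through 1.11.0).

Added example; not from the advisory or the InLong project.
"""
import re
from typing import Optional, Tuple

# Range from the vendor advisory: affected from 1.7.0 through 1.11.0 inclusive.
FIRST_AFFECTED = (1, 7, 0)
LAST_AFFECTED = (1, 11, 0)
FIXED_IN = (1, 12, 0)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def extract_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull the first x.y.z triple out of free text.

    Works on a bare version ("1.10.0"), an artifact name such as
    "inlong-manager-1.9.0.jar" (constructed example name), or a line
    copied from the web UI. Returns None when nothing matches.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(part) for part in m.groups())
    return (major, minor, patch)


def is_affected(version_text: str) -> bool:
    """True if the version falls inside the advisory's affected range."""
    v = extract_version(version_text)
    if v is None:
        raise ValueError(f"no x.y.z version found in {version_text!r}")
    # Tuple comparison is element-wise and numeric, so (1, 10, 0) > (1, 9, 0).
    return FIRST_AFFECTED <= v <= LAST_AFFECTED


def assess(version_text: str) -> str:
    """Human-readable verdict for one version string."""
    v = extract_version(version_text)
    if v is None:
        return f"{version_text!r}: could not parse a version"
    label = ".".join(map(str, v))
    fixed = ".".join(map(str, FIXED_IN))
    # A 1.12.0-SNAPSHOT built before PRs #9694/#9707 merged carries the
    # fixed version number without the fix, so do not trust the number alone.
    if "SNAPSHOT" in version_text.upper():
        return f"{label}-SNAPSHOT: development build, confirm PRs #9694 and #9707 are present"
    if is_affected(version_text):
        return f"{label}: AFFECTED, upgrade to {fixed} or later"
    if v >= FIXED_IN:
        return f"{label}: not affected (contains the fix)"
    return f"{label}: outside the advisory's affected range (before 1.7.0)"


if __name__ == "__main__":
    # Constructed sample inputs: UI text, artifact names, a fixed and an old build.
    for sample in ["InLong 1.10.0", "inlong-manager-1.7.0.jar",
                   "manager-web-1.9.3.jar", "1.12.0", "1.12.0-SNAPSHOT", "1.6.0"]:
        print(assess(sample))
```

Run it against every component you deploy; the SNAPSHOT branch exists because a version number alone does not prove the two fix PRs are in the build.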

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors
  • Unexpected parameter values in requests
  • Stack traces containing deserialization-related classes

Network Indicators:

  • Unusual traffic patterns to InLong endpoints
  • Requests with malformed or unexpected parameter structures

SIEM Query:

source="inlong" AND (error OR exception) AND (deserialization OR ObjectInputStream)
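The scanner below is an added example, not part of this page or of Apache InLong. It applies the same logic as the SIEM query to raw log lines: a line at error or warning level, or carrying an exception, that also names a Java native-deserialization class is a hit, and hits are then aggregated per client so that a burst from one source stands out. The log layout of the constructed sample lines (timestamp, level, logger, `client=` field) and the logger names are assumptions; adapt the regexes to your real InLong manager log format.

```python
"""Log-indicator scanner for deserialization errors (added example, not InLong code)."""
import re
from collections import Counter
from typing import Dict, List

# Class and method names that only show up when Java native deserialization runs.
DESER_MARKERS = (
    "java.io.ObjectInputStream",
    "readObject",
    "java.io.InvalidClassException",
    "resolveClass",
)
ERROR_MARKERS = ("ERROR", "WARN", "Exception")

# Assumed layout: "2024-02-20 10:00:02 ERROR [logger] client=1.2.3.4 message..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>\w+)\s+\[(?P<logger>[^\]]+)\]\s+(?P<msg>.*)$"
)
CLIENT_RE = re.compile(r"client=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def is_deser_error(line: str) -> bool:
    """Mirror of the SIEM query: (error OR exception) AND a deserialization marker."""
    return any(e in line for e in ERROR_MARKERS) and any(m in line for m in DESER_MARKERS)


def scan(lines: List[str]) -> List[dict]:
    """Return one finding per matching line with the fields an analyst needs."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not is_deser_error(line):
            continue
        m = LINE_RE.match(line)
        c = CLIENT_RE.search(line)
        findings.append({
            "line_no": n,
            "level": m.group("level") if m else "?",
            "client": c.group("ip") if c else "unknown",
            "marker": next(k for k in DESER_MARKERS if k in line),
        })
    return findings


def hits_per_client(findings: List[dict]) -> Dict[str, int]:
    return dict(Counter(f["client"] for f in findings))


def escalate(findings: List[dict], threshold: int = 3) -> List[str]:
    """Clients with at least `threshold` deserialization errors: repeated probing."""
    return sorted(ip for ip, n in hits_per_client(findings).items() if n >= threshold)


# Constructed sample log; the logger names and the client= field are invented.
SAMPLE_LOG = [
    "2024-02-20 10:00:01 INFO [o.a.i.manager.web] client=10.0.0.5 request accepted",
    "2024-02-20 10:00:02 ERROR [o.a.i.manager.service] client=203.0.113.9 java.io.InvalidClassException: filter status: REJECTED",
    "2024-02-20 10:00:02 ERROR [o.a.i.manager.service] client=203.0.113.9 at java.io.ObjectInputStream.readObject(ObjectInputStream.java)",
    "2024-02-20 10:00:03 WARN [o.a.i.manager.service] client=203.0.113.9 java.io.ObjectInputStream.resolveClass rejected unexpected class",
    "2024-02-20 10:00:04 ERROR [o.a.i.manager.service] client=10.0.0.5 java.sql.SQLException: connection refused",
    "2024-02-20 10:00:05 INFO [o.a.i.manager.service] client=10.0.0.5 scheduler tick",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f)
    print("escalate:", escalate(found))
```

Line 5 of the sample (an SQL error with no deserialization marker) and line 6 (no error at all) are deliberately not matched; the three hits from 203.0.113.9 cross the default threshold and that client is returned by `escalate`.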

🔗 References

  • Apache InLong advisory (ASF security list): https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3
  • Fix PR #9694: https://github.com/apache/inlong/pull/9694
  • Fix PR #9707: https://github.com/apache/inlong/pull/9707
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-26579
