CVE-2024-26580

9.1 CRITICAL

📋 TL;DR

This CVE describes a deserialization-of-untrusted-data vulnerability in Apache InLong that lets an attacker read arbitrary files from the server. It affects Apache InLong versions 1.8.0 through 1.10.0. An attacker exploits it by sending a specially crafted payload to a vulnerable instance, which deserializes the payload and returns the contents of an attacker-chosen file.

💻 Affected Systems

Products:
  • Apache InLong
Versions: 1.8.0 through 1.10.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments running affected versions are vulnerable regardless of configuration.

📦 What is this software?

Apache InLong is an open-source, one-stop integration framework for massive data, maintained by the Apache Software Foundation. It covers data ingestion (Agent, DataProxy), transport over message queues (TubeMQ, Pulsar, Kafka), sorting and delivery to storage (Sort), and is administered through the InLong Manager service and its web dashboard.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Credentials, keys or tokens recovered from readable files (service configuration, database settings, key material) are reused to take over the InLong host and the systems it connects to, leading to data exfiltration, privilege escalation and lateral movement within the network.

🟠

Likely Case

Unauthorized reading of sensitive files including configuration files, credentials, and application data from the server.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows file reading via a deserialization attack; such attacks typically have low exploitation complexity once the payload shape is known. No public PoC was known at the time of writing, so the exact payload is not documented here.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11.0

Vendor Advisory: https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk

Restart Required: Yes

Instructions:

1. Back up your current configuration and data.
2. Download Apache InLong 1.11.0 from the official Apache website and verify the release signature/checksum.
3. Stop the InLong services.
4. Replace the installation with version 1.11.0.
5. Restore configuration and data.
6. Start the services and verify functionality.

The vendor advisory also points to the fix commit for cherry-picking onto an existing deployment if a full upgrade is not immediately possible; the upgrade to 1.11.0 is the recommended path.

🔧 Temporary Workarounds

Network Access Restriction (Linux, iptables)

Restrict network access to InLong instances to only trusted sources. Replace [INLONG_PORT] with the port of the exposed InLong component (e.g. the Manager service) and [TRUSTED_IP] with the address or CIDR of each trusted client; repeat the ACCEPT line per trusted source. These rules are not persistent across reboots unless saved with your distribution's iptables-persistent mechanism.

iptables -A INPUT -p tcp --dport [INLONG_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [INLONG_PORT] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate InLong instances from untrusted networks, and require authentication or a VPN/bastion in front of the management interface
  • Deploy web application firewall (WAF) rules to detect and block deserialization attempts; note that without a public PoC the exact payload shape is unknown, so generic rules (for example, blocking request bodies that carry serialized-object markers) are a best-effort control, not a substitute for the patch

🔍 How to Verify

Check if Vulnerable:

Determine the installed InLong version by checking the version strings in the bundled jar names, the application logs or the configuration files. Versions 1.8.0 through 1.10.0 are vulnerable.

Check Version:

# version strings in configuration and logs (adjust the paths to your install)
grep -rih 'version' /path/to/inlong/config /path/to/inlong/logs 2>/dev/null | head
# fall back to the version embedded in the bundled jar names, e.g. inlong-manager-web-1.10.0.jar
ls /path/to/inlong/lib 2>/dev/null | grep -oE 'inlong-[a-z-]+-[0-9]+\.[0-9]+\.[0-9]+' | sort -u

Verify Fix Applied:

Verify the installed version is 1.11.0 or later by checking the application version in logs or configuration.
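The following script is an added example, not part of the page or of the InLong project: it turns the manual version check above into a repeatable test that classifies a version string against the affected range (1.8.0 through 1.10.0) and the fixed version (1.11.0), and can extract the version from the jar names in the install directory. The jar naming scheme and the /path/to/inlong/lib location are assumptions; the comparison uses GNU sort -V.

```shell
#!/bin/sh
# Added example (not from Apache InLong): classify an InLong version for
# CVE-2024-26580. Range and fixed version come from the advisory; the jar
# naming used for extraction is an assumption about the install layout.

AFFECTED_MIN="1.8.0"
AFFECTED_MAX="1.10.0"
FIXED="1.11.0"

# version_le A B: succeed when A <= B in version order (GNU coreutils sort -V).
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# inlong_status VERSION: print affected | fixed | unaffected | unknown.
# Only plain x.y.z strings are classified; snapshots or empty input are "unknown"
# so a failed extraction can never be mistaken for a safe result.
inlong_status() {
    v="$1"
    if ! printf '%s' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo "unknown"
        return 1
    fi
    if version_le "$AFFECTED_MIN" "$v" && version_le "$v" "$AFFECTED_MAX"; then
        echo "affected"
    elif version_le "$FIXED" "$v"; then
        echo "fixed"
    else
        echo "unaffected"
    fi
}

# inlong_version_from_jars [DIR]: highest x.y.z found in jar names such as
# inlong-manager-web-1.10.0.jar (assumed naming). Prints nothing if none found.
inlong_version_from_jars() {
    dir="${1:-/path/to/inlong/lib}"
    ls "$dir" 2>/dev/null \
        | grep -oE 'inlong-[a-z-]+-[0-9]+\.[0-9]+\.[0-9]+' \
        | grep -oE '[0-9]+\.[0-9]+\.[0-9]+$' \
        | sort -V | tail -n1
}

# Usage: sh inlong_check.sh /opt/inlong/lib
if [ -n "${1:-}" ]; then
    v="$(inlong_version_from_jars "$1")"
    echo "detected InLong version: ${v:-none} -> $(inlong_status "${v:-}")"
fi
```

Run it against the lib directory of each deployment; "affected" means patch now, "fixed" means 1.11.0 or later is installed, and "unknown" means the version could not be read and must be established another way (for example from the Manager's logs at startup) before the host is marked safe.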

📡 Detection & Monitoring

Log Indicators:

  • Deserialization attempts recorded in application logs, including stack traces from the deserialization code path
  • Error messages related to file access (for example FileNotFoundException or access-denied errors on paths the application never normally opens) or serialization failures
  • Requests with unusual payloads or content types, especially request bodies that carry serialized-object data rather than the JSON the API normally receives

Network Indicators:

  • Unusual traffic patterns to InLong endpoints
  • Requests containing serialized object data

SIEM Query (Splunk-style; expect noise from IOException on a busy instance, so pair it with the file-path and payload indicators above):

source="inlong.logs" AND ("deserialization" OR "serialization" OR "FileNotFoundException" OR "IOException")
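The "requests containing serialized object data" indicator above can be checked mechanically. The script below is an added example, not part of the page or of the InLong project: it scans log lines for the markers of a Java serialized object stream (the stream magic 0xACED0005, which appears as "aced0005" in hex dumps and as the base64 prefix "rO0AB" in encoded bodies). The page does not state which serialization format the vulnerable code path uses, so treat this as a generic serialized-payload detector for review, not as a signature for this CVE. The endpoint paths and the log lines it is run over are constructed for the example.

```shell
#!/bin/sh
# Added example (not from Apache InLong): flag log lines carrying Java
# serialization markers. Sample log lines and endpoint paths are constructed.

# Java's ObjectOutputStream starts every stream with STREAM_MAGIC 0xACED and
# STREAM_VERSION 0x0005. Base64 of those four bytes is "rO0ABQ==", so any
# base64 blob beginning with "rO0AB" is a serialized Java object; hex dumps
# show "aced0005"; escaped byte dumps show the literal text \xac\xed\x00\x05
# (the doubled backslashes below match that literal text in ERE).
SERIAL_PATTERN='rO0AB|aced0005|ACED0005|\\xac\\xed\\x00\\x05'

# flag_serialized_lines: print matching lines read from stdin.
flag_serialized_lines() {
    grep -E "$SERIAL_PATTERN"
}

# count_serialized FILE: number of matching lines; prints 0 (and succeeds)
# when nothing matches, so it is safe to call under set -e.
count_serialized() {
    c=$(grep -Ec "$SERIAL_PATTERN" "$1" || true)
    echo "${c:-0}"
}

# make_sample_log: write constructed access-log lines to a temp file and print
# its path. Two of the four lines carry a serialized payload (one base64, one
# hex); the other two are an ordinary JSON body and a plain GET.
make_sample_log() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "POST /api/example/create HTTP/1.1" 200 body=eyJuYW1lIjoiZm9vIn0=
10.0.0.9 - - [01/Mar/2024:10:00:02 +0000] "POST /api/example/create HTTP/1.1" 500 body=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwAC
10.0.0.9 - - [01/Mar/2024:10:00:03 +0000] "POST /api/example/import HTTP/1.1" 500 body=aced00057372001a6a6176612e7574696c2e486173684d6170
10.0.0.5 - - [01/Mar/2024:10:00:04 +0000] "GET /api/example/list HTTP/1.1" 200 -
EOF
    echo "$f"
}

# Usage: sh scan_serialized.sh /path/to/inlong/logs/access.log
if [ -n "${1:-}" ]; then
    echo "serialized-object lines in $1: $(count_serialized "$1")"
    flag_serialized_lines <"$1"
fi
```

Point it at the access or application log that records request bodies; every hit is worth a look, because a well-formed JSON API client has no reason to send a Java object stream. Keep in mind the caveat in the lead-in: a payload for this CVE may use a different encoding, so a clean scan does not prove the absence of exploitation.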
