The OpenDJ security report highlights a critical vulnerability, tracked as CVE-2026-46495, with a CVSS score of 9.2. The issue, which affects versions up to 5.1.0, allows unauthenticated remote code execution (RCE) via Java deserialization in JMX RMI. Although a public exploit exists, no confirmed instances of exploitation have been reported. Users are strongly advised to update to version 5.1.1 immediately to mitigate this risk, as vulnerable systems expose sensitive databases. The flaw is significant because the JMX Connection Handler is widely used across installations.
Critical OpenDJ flaw lets unauthenticated hackers run code via JMX
Article by CyberSIXT