A high-severity vulnerability has been identified in Apache Fory, impacting distributed enterprise networks through unauthorized remote code execution. This issue, tracked as CVE-2026-50076, arises from a deserialization bypass due to inadequate verification controls in the Java ReplaceResolverSerializer. Attackers can exploit this flaw by bypassing validation mechanisms, allowing malicious data to execute unauthorized commands on backend servers.
The vulnerability affects all versions prior to 1.1.0, prompting immediate patching by upgrading to the latest version which enforces stronger data sanitization. Organizations are advised to audit their software for potential exposure to this flaw.