{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T00:03:52.135","vulnerabilities":[{"cve":{"id":"CVE-2026-1225","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-01-22T10:16:07.693","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ACE vulnerability in configuration file processing  by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.\n\n\n\n\nThe instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must  have write access to a \nconfiguration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado."},{"lang":"es","value":"Vulnerabilidad ACE en el procesamiento de archivos de configuración por QOS.CH logback-core hasta la versión 1.5.24 inclusive en aplicaciones Java, permite a un atacante instanciar clases ya presentes en el classpath comprometiendo un archivo de configuración de logback existente.\n\nLa instanciación de una clase Java potencialmente maliciosa requiere que dicha clase esté presente en el classpath del usuario. Además, el atacante debe tener acceso de escritura a un archivo de configuración. Sin embargo, después de una instanciación exitosa, es muy probable que la instancia sea descartada sin más preámbulos."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:X/RE:M/U:Green","baseScore":1.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://logback.qos.ch/news.html#1.5.25","source":"vulnerability@ncsc.ch"}]}}]}