The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration.
Security Fix(es):
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution (CVE-2026-54513)
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass (CVE-2026-54512)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.