Apache - Apache Mina - CRITICAL - CVE-2026-47065. A filter bypass vulnerability exists in certain Apache products where the deserialization process of Java objects can be manipulated. Specifically, when a serialized stream identifies a java.lang.reflect.Proxy, the ObjectInputStream's default behavior allows the construction of proxy classes without proper checks against an accepted classes list. This could enable attackers to invoke static initializers of classes on an allow-list, leading to potential unauthorized execution of code. Both identified issues linked to this vulnerability have been fully addressed, ensuring the integrity of the affected products.