Severity: moderate
Affected versions:
- Apache Calcite (org.apache.calcite:calcite-core) 1.5.0 before 1.42
Description:
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe
Reflection') vulnerability in Apache Calcite.
This issue affects Apache Calcite: from 1.5.0 before 1.42.
Users are recommended to upgrade to version 1.42, which fixes the issue.
This issue is being tracked as CALCITE-7532
Credit:
pyn3rd (finder)
uname (finder)
4ra1n (finder)
References:
https://calcite.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-46718
https://issues.apache.org/jira/browse/CALCITE-7532
