Apache · Apache Ignite · CVE-2024-52577
**Name of the Vulnerable Software and Affected Versions**
Apache Ignite versions 2.6.0 through 2.17.0
**Description**
The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side. It is estimated that 60% of deployments are unpatched, leaving sensitive data at risk.
**Recommendations**
For Apache Ignite versions 2.6.0 through 2.17.0, upgrade to version 2.17.0 or later to mitigate the risk of remote code execution. As a temporary workaround, consider restricting access to Ignite server endpoints to minimize the risk of exploitation.
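
One way to apply the temporary workaround above, as an added example (not from the advisory or the Apache Ignite project): a shell function that prints, without applying, iptables rules that limit Ignite server ports to trusted sources. The port list is an assumption based on Ignite's usual default base ports and the `IGNITE_GUARD` chain name is hypothetical; match both to your deployment.

```shell
#!/bin/sh
# Added example: emit (do not apply) iptables rules that restrict access to
# Ignite server endpoints. The ports are ASSUMED defaults, not values from the
# advisory: discovery 47500+, communication 47100+, thin client 10800,
# connector 11211. Widen the ranges to match your configured port ranges.
IGNITE_PORTS="${IGNITE_PORTS:-47500:47509,47100:47109,10800,11211}"

# valid_cidr ADDR -> exit 0 if ADDR looks like an IPv4 address or CIDR block.
# Rejecting anything else keeps shell metacharacters out of the emitted rules.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# ignite_rules CIDR... -> print the rule set for review; nothing is changed
# on the host. All sources are validated before any rule is printed, so a bad
# argument never yields a partial rule set.
ignite_rules() {
    [ "$#" -gt 0 ] || { echo "usage: ignite_rules CIDR..." >&2; return 2; }
    for src in "$@"; do
        valid_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Hypothetical chain name; traffic to Ignite ports is routed through it.
    echo "iptables -N IGNITE_GUARD"
    echo "iptables -A IGNITE_GUARD -i lo -j ACCEPT"
    for src in "$@"; do
        # Other cluster nodes and application hosts that must reach Ignite.
        echo "iptables -A IGNITE_GUARD -s $src -j ACCEPT"
    done
    # Rate-limited log of refused connections, useful as a detection signal.
    echo "iptables -A IGNITE_GUARD -m limit --limit 6/min -j LOG --log-prefix \"ignite-denied: \""
    echo "iptables -A IGNITE_GUARD -j DROP"
    echo "iptables -I INPUT -p tcp -m multiport --dports $IGNITE_PORTS -j IGNITE_GUARD"
}
```

Review the printed rules before running them, for example `ignite_rules 10.0.1.0/24 > ignite-guard.rules`, and remember that this only narrows exposure until the upgrade is done.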