Apache · Apache HugeGraph-Server · CVE-2025-26866
**Name of the Vulnerable Software and Affected Versions**
Apache HugeGraph-Server versions prior to 1.7.0
**Description**
A remote code execution issue exists in which a malicious Raft node can exploit insecure Hessian deserialization within the PD store. Hessian is a binary object serialization format. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process against object injection attacks.
**Recommendations**
Upgrade to version 1.7.0 to resolve the issue.