cvedb.io
CVE-2021-33790
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-05-31T04:15:08.153 · Last modified 2026-06-17T03:55:14.397

Summary

The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation might or might not be present, depending on what Minecraft modifications are installed.

Affected products

techreborn — reborncore

Does this affect you?

Add your gear to cvedb and we'll alert you only when techreborn ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.