OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization CVE-2026-33439
- Severity
- Vulnerability description
- Not available
- Risk description
- Not available
- Recommendation
- Not available
- References
- https://www.hacktron.ai/blog/openam-deserialization-pre-auth-rcehttps://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-2cqq-rpvq-g5qj
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Exploitable with Sniper
- No
- CVE Published
- Apr 7, 2026
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.