Hugegraph Raft Node Exploit

HIGH (8.8) No Patch (1 day)

Threat Intelligence

Low Risk
EPSS Score: 0.88% chance of exploitation (percentile: 75%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Hugegraph is an open-source graph database that uses Apache Cassandra and Apache HBase as storage backends. A remote code execution vulnerability exists in its Raft-based PD (placement driver) store: a malicious Raft node can send data that the PD store deserializes with Hessian without adequate restrictions, allowing an attacker who controls such a node to execute arbitrary commands on the system.

Am I affected?

You're affected if you run Hugegraph with the Raft node component (maven package org.apache.hugegraph:raft-node), since that is where a malicious Raft node can exploit the insecure Hessian deserialization. Specific affected versions are not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

maven: org.apache.hugegraph:raft-node

Affected Products

Apache Software Foundation / Hugegraph

How to fix

To fix this issue, upgrade to Hugegraph version 1.7.0 or later from the official GitHub repository: https://github.com/apache/incubator-hugegraph

Immediate mitigations:

  • Restrict network access to your Hugegraph instance, and in particular to the Raft/PD ports: firewall them from the public internet and allow only known cluster peers
  • Audit Raft node membership and activity for unexpected peers or suspicious access patterns
  • Monitor for unauthorized or unexpected Hessian deserialization requests reaching the PD store