{"schema_version": "1.6.1", "id": "CVE-2026-46718", "summary": "A user-controled model can load arbitrary classes, leading to code execution", "details": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.\n\nThis issue affects Apache Calcite: from 1.5.0 before 1.42.\n\nUsers are recommended to upgrade to version 1.42, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.5.0"}, {"fixed": "1.42"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v"}]}