{
  "title": "CVE of the day — CVE-2026-40008 (CVSS 9,8, criticism)",
  "title_variants": [
    {
      "id": "v0",
      "title": "CVE of the day — CVE-2026-40008 (CVSS 9,8, criticism)"
    },
    {
      "id": "v1",
      "title": "CVSS 9,8"
    },
    {
      "id": "v2",
      "title": "CVE-2026-40008: critical vulnerability, CVSS 9,8/10, type CWE-470, exploitable remotely,"
    }
  ],
  "description": "CVE-2026-40008: critical vulnerability, CVSS 9,8/10, type CWE-470, exploitable remotely, without privileges, without user interaction. Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class..",
  "keywords": [
    "c",
    "cve-2026-40008",
    "vulnerability",
    "critical vulnerability",
    "cwe-470",
    "cvs",
    "cybersecurity",
    "cybersecurity",
    "♪",
    "security update"
  ],
  "scenes": [
    {
      "title": "CVE-2026-40008",
      "subtitle": "CVSS 9,8",
      "text": "CVE-2026-40008: Critical gravity, CVSS score 9.8 out of 10 according to the National Vulnerability Database."
    },
    {
      "title": "CWE-470",
      "subtitle": "CWE-470 · CVSS v3.1",
      "text": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using.."
    },
    {
      "title": "EXPOSURE AND MITIGATION",
      "subtitle": "remotely exploitable, without privileges, without user interaction",
      "text": "Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD."
    }
  ],
  "publication_date": "2026-07-12T01:00:28.749Z",
  "duration": 20,
  "topic": "cve",
  "lang": "en",
  "translation_group": "cve-2026-07-12",
  "poster": "cve-2026-07-12-en.jpg",
  "preview": "cve-2026-07-12-en.gif",
  "og_card": "cve-2026-07-12-en.og.jpg",
  "audiogram": "cve-2026-07-12-en.audiogram.mp4",
  "captions": "cve-2026-07-12-en.vtt",
  "generation": {
    "procedural": true,
    "ai_generated": [
      "background",
      "voice"
    ],
    "real_data_source": "official public API",
    "filmed_real_event": false,
    "disclosure": "Procedurally generated from real public-source data; abstract AI-generated backgrounds; synthetic (TTS) voice. No real event is filmed or altered."
  },
  "transcript_text": "CVE-2026-40008: Critical gravity, CVSS score 9.8 out of 10 according to the National Vulnerability Database. Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using.. Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD.",
  "transcript": [
    {
      "start": 0,
      "end": 6.667,
      "text": "CVE-2026-40008: Critical gravity, CVSS score 9.8 out of 10 according to the National Vulnerability Database."
    },
    {
      "start": 6.667,
      "end": 13.333,
      "text": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using.."
    },
    {
      "start": 13.333,
      "end": 20,
      "text": "Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD."
    }
  ]
}