CVE advisoryCRITICAL
CVE-2026-33728
Datadog Java Agent RMI Deserialization Vulnerability.
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
The `dd-trace-java` component has a vulnerability that could allow unauthorized code execution. This affects organizations using Java 16 or earlier with specific network configurations. Attackers could gain control of systems and compromise data. Action is advised to mitigate risk.