Home / Security updates / Datadog's Response to Unsafe Deserialization in dd-trace-java RMI Instrumentation (CVE-2026-33728)
Datadog's Response to Unsafe Deserialization in dd-trace-java RMI Instrumentation (CVE-2026-33728)
Security updates detail rendered from /security-updates/upd_cde95293192dcb4d.
Overview
| ID | upd_cde95293192dcb4d |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Datadog |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_cde95293192dcb4d |
| providerId | safebase |
| organizationId | org_69291cebe8d5d66e |
| trustCenterId | tc_3aed993e7dda3cf3 |
| title | Datadog's Response to Unsafe Deserialization in dd-trace-java RMI Instrumentation (CVE-2026-33728) |
| message | In response to CVE-2026-33728, an unsafe deserialization vulnerability (CVSS 9.3) in dd-trace-java's RMI instrumentation that could allow remote code execution (RCE), Datadog has released a patched version, v1.60.3. This vulnerability affects com.datadoghq:dd-java-agent versions >= 0.40.0 and <= 1.60.2. The Datadog platform is not affected, and customer exposure depends on their network configuration and whether the conditions for exploitation are met. We have not found any signs of exploitation or known indicators of compromise. Customers are encouraged to upgrade to v1.60.3 or later at their earliest opportunity. Please refer to the [advisory](https://github.com/DataDog/dd-trace-java/security/advisories/GHSA-579q-h82j-r5v2) for details, conditions required for exploitability, and available mitigations. |
| url | - |
| publishedAt | 2026-03-24 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_69291cebe8d5d66e",
"name": "Datadog",
"domains": [
"trust.datadoghq.com",
"datadoghq.com"
]
} |
| trust_center | {
"id": "tc_3aed993e7dda3cf3",
"name": "Datadog",
"url": "https://trust.datadoghq.com",
"host": "trust.datadoghq.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_cde95293192dcb4d",
"company": "/v1/companies/org_69291cebe8d5d66e",
"trust_center": "/v1/trust-centers/tc_3aed993e7dda3cf3",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_cde95293192dcb4dJSON