CVE-2026-41635 — Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allo — CVE Database · The Intelligence Room