Severity: high | CVE-2026-45794 | Jun 26, 2026

CVE-2026-45794: OpenAM Push Notification Unsafe Java Deserialization via SNS Callback

Rohit Hatagale
AI Security Researcher, SecureLayer7

A flaw in OpenAM's anonymous SNS push callback endpoint lets an attacker plant a crafted JSON blob in the server's token store, causing OpenAM to load attacker-named Java classes and deserialize attac

Package: org.openidentityplatform.openam:openam-push-notification
Ecosystem: maven
Affected: < 16.1.1
Fixed in: 16.1.1

The problem

The REST endpoint that processes SNS push notification callbacks is mounted with no authentication. When a messageId is no longer in the in-memory dispatcher, the server falls back to a blob it reads from the Core Token Store (CTS).

That blob's top-level JSON keys are treated as Java class names and passed directly to Class.forName(), with each value then deserialized by Jackson. An attacker who has completed one legitimate push registration can overwrite the CTS blob with attacker-chosen class names and values, triggering class-loading and Jackson construction on the server side.

Proof of concept

```http
# Step 1: As a low-priv user, initiate push registration and obtain:
#   messageId, sharedSecret, challenge  (from QR code payload)
#
# Step 2: Wait for the in-memory dispatcher entry to expire (TTL passes).
#
# Step 3: Plant the malicious CTS blob via an anonymous SNS callback:
POST /openam/rest/push/sns/message?messageId=<expired-messageId> HTTP/1.1
Host: target.example.com
Content-Type: application/json
# No Authorization header is required; the endpoint is anonymous.

{
  "jwt": "<HMAC-signed-JWT-with-sharedSecret>",
  "data": {
    "com.example.GadgetClass": { "cmd": "id" }
  }
}

# Step 4: Send a second anonymous callback for the same messageId.
# OpenAM reads the CTS blob, iterates top-level keys,
# calls Class.forName("com.example.GadgetClass"),
# then deserializes { "cmd": "id" } via Jackson into that class.
```

The root cause is that the CTS-persistence fallback path in the SNS callback handler reconstructs predicates by iterating JSON object keys and passing each one verbatim to Class.forName(), with no allowlist, type validation, or integrity check on the stored blob.

Because the CTS write itself is reachable anonymously (after the in-memory entry expires), an attacker can overwrite the blob before the second callback triggers deserialization.

The patch in 16.1.1 closes this by validating or discarding CTS predicate blobs whose class names do not belong to an expected allowlist, and by binding the CTS token type to the push-notification namespace so attacker-controlled writes cannot overwrite legitimate predicates.

Public PoC not yet available; payload derived from advisory root-cause description and CWE-502 mechanics.
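The allowlist check that the root-cause and patch paragraphs above describe, shown as an added illustration written for this page rather than taken from OpenAM's source: the simplified unchecked fallback loader beside an allowlisted one. The class names in the allowlist, the method names and the `ctsBlobJson` input are assumptions; OpenAM's real predicate types and the CTS token-type namespace binding from the patch are not reproduced here.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

public final class CtsPredicateLoader {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Assumed allowlist: the only predicate types the push module should ever
    // rehydrate from a CTS blob. These names are placeholders, not OpenAM's own.
    private static final Set<String> ALLOWED_PREDICATE_CLASSES = Set.of(
            "org.example.push.SignedJwtVerificationPredicate",
            "org.example.push.ChallengeResponsePredicate");

    /** Vulnerable shape (simplified): every top-level key becomes a class name. */
    static Map<String, Object> loadUnchecked(String ctsBlobJson) throws Exception {
        JsonNode root = MAPPER.readTree(ctsBlobJson);
        Map<String, Object> predicates = new HashMap<>();
        for (Iterator<Map.Entry<String, JsonNode>> it = root.fields(); it.hasNext(); ) {
            Map.Entry<String, JsonNode> field = it.next();
            // The stored key reaches the class loader verbatim, then Jackson.
            Class<?> type = Class.forName(field.getKey());
            predicates.put(field.getKey(), MAPPER.treeToValue(field.getValue(), type));
        }
        return predicates;
    }

    /** Hardened shape: discard the whole blob if any key is not allowlisted. */
    static Map<String, Object> loadAllowlisted(String ctsBlobJson) throws Exception {
        JsonNode root = MAPPER.readTree(ctsBlobJson);
        if (root == null || !root.isObject()) {
            throw new IllegalArgumentException("CTS predicate blob is not a JSON object");
        }
        Map<String, Object> predicates = new HashMap<>();
        for (Iterator<Map.Entry<String, JsonNode>> it = root.fields(); it.hasNext(); ) {
            Map.Entry<String, JsonNode> field = it.next();
            String className = field.getKey();
            if (!ALLOWED_PREDICATE_CLASSES.contains(className)) {
                // One unexpected entry means the token was tampered with: reject it all.
                throw new IllegalArgumentException("Unexpected predicate class: " + className);
            }
            // Class.forName only ever sees a name from the fixed allowlist.
            Class<?> type = Class.forName(className);
            predicates.put(className, MAPPER.treeToValue(field.getValue(), type));
        }
        return predicates;
    }
}
```

Rejecting the blob rather than skipping the bad entry is the safer choice, since a partially trusted predicate set would let the second callback proceed with weaker checks than the registration originally required.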

The fix

Upgrade to openam-push-notification 16.1.1 or later. If upgrading immediately is not possible, disable the Push Notification Service with SNS callbacks in all realms until the patch is applied.

Reporter not attributed.

References: [1][2]