diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 56375c739f..c24809b05a 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -10,6 +10,10 @@ Project: jackson-databind
(reported by Al1ex@knownsec)
#2814: Block one more gadget type (xxx, CVE-xxxx-xxx)
(reported by ChenZhaojun)
+#2826: Block one more gadget type (xxx, CVE-xxxx-xxx)
+ (reported by ChenZhaojun)
+#2827: Block one more gadget type (xxx, CVE-xxxx-xxx)
+ (reported by ChenZhaojun)
2.9.10.5 (21-Jun-2020)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index d470bb53d5..dc706429cf 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -13,7 +13,7 @@
* Helper class used to encapsulate rules that determine subtypes that
* are invalid to use, even with default typing, mostly due to security
* concerns.
- * Used by BeanDeserializerFacotry
+ * Used by BeanDeserializerFactory
*
* @since 2.8.11
*/
@@ -201,7 +201,11 @@ public class SubTypeValidator
// [databind#2798]: com.pastdev.httpcomponents:
s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");
-
+
+ // [databind#2826], [databind#2827]
+ s.add("com.nqadmin.rowset.JdbcRowSetImpl");
+ s.add("org.arrah.framework.rdbms.UpdatableJdbcRowsetImpl");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}