diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 56375c739f..c24809b05a 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -10,6 +10,10 @@ Project: jackson-databind
  (reported by Al1ex@knownsec)
 #2814: Block one more gadget type (xxx, CVE-xxxx-xxx)
  (reported by ChenZhaojun)
+#2826: Block one more gadget type (xxx, CVE-xxxx-xxx)
+ (reported by ChenZhaojun)
+#2827: Block one more gadget type (xxx, CVE-xxxx-xxx)
+ (reported by ChenZhaojun)
 
 2.9.10.5 (21-Jun-2020)
 
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index d470bb53d5..dc706429cf 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -13,7 +13,7 @@
  * Helper class used to encapsulate rules that determine subtypes that
  * are invalid to use, even with default typing, mostly due to security
  * concerns.
- * Used by <code>BeanDeserializerFacotry</code>
+ * Used by <code>BeanDeserializerFactory</code>
  *
  * @since 2.8.11
  */
@@ -201,7 +201,11 @@ public class SubTypeValidator
 
         // [databind#2798]: com.pastdev.httpcomponents:
         s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");
-        
+
+        // [databind#2826], [databind#2827]
+        s.add("com.nqadmin.rowset.JdbcRowSetImpl");
+        s.add("org.arrah.framework.rdbms.UpdatableJdbcRowsetImpl");
+
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
     }