CVE-2026-1286
Deserialization of Untrusted Data (CWE-502)
2026-03-10
cybersecurity@se.com
Lifecycle Timeline
2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 18:18 nvd
N/A
DescriptionCVE.org
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.
Analysis
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | Exploitation requires authentication. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker (requires authentication) could exploit this vulnerability to loss of confidentiality, integrity and potential remote code execution on workst. |
| Remediation | Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).