CVE-2026-27369

HIGH
2026-03-05 [email protected]
8.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 05, 2026 - 06:16 nvd
HIGH 8.1

Tags

Deserialization

Description

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.

Analysis

BoldThemes Celeste versions 1.3.6 and earlier are vulnerable to unsafe deserialization that enables arbitrary object injection attacks over the network without authentication. An attacker can exploit this to achieve remote code execution or other malicious operations on affected systems. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all systems running Celeste theme and isolate them or restrict external access if possible; enable enhanced logging and monitoring for suspicious activity. Within 7 days: Implement WAF rules to block malicious serialized object patterns and POST requests to vulnerable endpoints; consider disabling theme features that process user input if operationally feasible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

41
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +40
POC: 0

Share

CVE-2026-27369 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy