Pendulum

1 CVEs product

CVE-2026-25359 HIGH PATCH This Week

Pendulum (a PHP datetime library) versions prior to 3.1.5 contain a deserialization of untrusted data vulnerability that allows attackers to perform object injection attacks. The vulnerability affects the rascals Pendulum library through unvalidated deserialization of user-supplied data. An attacker can exploit this to instantiate arbitrary PHP objects, potentially leading to remote code execution or other malicious outcomes, depending on which gadget chains are available in the application.

Deserialization Pendulum
NVD VulDB
CVSS 3.1: 8.8
EPSS: 0.0%