CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CVE-2026-25923 (GCVE-0-2026-25923)
Vulnerability from cvelistv5 – Published: 2026-02-09 21:56 – Updated: 2026-02-11 21:20| URL | Tags |
|---|---|
| https://github.com/My-Little-Forum/mylittleforum/… | x_refsource_CONFIRM |
| https://github.com/My-Little-Forum/mylittleforum/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| My-Little-Forum | mylittleforum |
Affected:
< 20260208.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25923",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:20:19.689679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:20:25.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mylittleforum",
"vendor": "My-Little-Forum",
"versions": [
{
"status": "affected",
"version": "\u003c 20260208.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:56:02.862Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/My-Little-Forum/mylittleforum/security/advisories/GHSA-wr9p-3c3g-78fw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/My-Little-Forum/mylittleforum/security/advisories/GHSA-wr9p-3c3g-78fw"
},
{
"name": "https://github.com/My-Little-Forum/mylittleforum/releases/tag/20260208.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/My-Little-Forum/mylittleforum/releases/tag/20260208.1"
}
],
"source": {
"advisory": "GHSA-wr9p-3c3g-78fw",
"discovery": "UNKNOWN"
},
"title": "Phar Deserialization leading to Arbitrary File Deletion in my little forum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25923",
"datePublished": "2026-02-09T21:56:02.862Z",
"dateReserved": "2026-02-09T16:22:17.785Z",
"dateUpdated": "2026-02-11T21:20:25.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25925 (GCVE-0-2026-25925)
Vulnerability from cvelistv5 – Published: 2026-02-09 21:59 – Updated: 2026-02-11 21:22- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://github.com/modery/PowerDocu/security/advi… | x_refsource_CONFIRM |
| https://github.com/modery/PowerDocu/releases/tag/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25925",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:22:37.654118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:22:45.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PowerDocu",
"vendor": "modery",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:59:08.335Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw"
},
{
"name": "https://github.com/modery/PowerDocu/releases/tag/v-2.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modery/PowerDocu/releases/tag/v-2.4.0"
}
],
"source": {
"advisory": "GHSA-m8j2-5jr7-2jpw",
"discovery": "UNKNOWN"
},
"title": "PowerDocu Affected by Remote Code Execution via Insecure Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25925",
"datePublished": "2026-02-09T21:59:08.335Z",
"dateReserved": "2026-02-09T16:22:17.785Z",
"dateUpdated": "2026-02-11T21:22:45.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2599 (GCVE-0-2026-2599)
Vulnerability from cvelistv5 – Published: 2026-03-05 12:26 – Updated: 2026-04-08 17:02- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| crmperks | Database for Contact Form 7, WPforms, Elementor forms |
Affected:
0 , ≤ 1.4.7
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:16:16.480815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:16:30.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Database for Contact Form 7, WPforms, Elementor forms",
"vendor": "crmperks",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chiao-Lin Yu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the \u0027download_csv\u0027 function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:18.125Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a116f28-a560-4b54-9cd1-f1dd9ac3238d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php#L3016"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php#L2972"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3474882/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-16T20:59:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-04T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Database for Contact Form 7, WPforms, Elementor forms \u003c= 1.4.7 - Unauthenticated PHP Object Injection via \u0027download_csv\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2599",
"datePublished": "2026-03-05T12:26:06.155Z",
"dateReserved": "2026-02-16T20:39:16.486Z",
"dateUpdated": "2026-04-08T17:02:18.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26114 (GCVE-0-2026-26114)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:05 – Updated: 2026-06-19 18:17- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Affected:
16.0.0 , < 16.0.5543.1000
(custom)
|
|
| Microsoft | Microsoft SharePoint Server 2019 |
Affected:
16.0.0 , < 16.0.10417.20102
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:53.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5543.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20102",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5543.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10417.20102",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T18:17:47.931Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114"
}
],
"title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26114",
"datePublished": "2026-03-10T17:05:04.827Z",
"dateReserved": "2026-02-11T15:52:13.910Z",
"dateUpdated": "2026-06-19T18:17:47.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26142 (GCVE-0-2026-26142)
Vulnerability from cvelistv5 – Published: 2026-06-09 17:05 – Updated: 2026-07-08 23:23- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T14:25:12.399806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:31:57.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nuance PowerScribe 360 4.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.11.49",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.111.68",
"status": "affected",
"version": "4.0.1",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.154.18",
"status": "affected",
"version": "4.0.2",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.197.10",
"status": "affected",
"version": "4.0.3",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.212.10",
"status": "affected",
"version": "4.0.4",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.243.19",
"status": "affected",
"version": "4.0.5",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.277.28",
"status": "affected",
"version": "4.0.6",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.316.12",
"status": "affected",
"version": "4.0.7",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.427.15",
"status": "affected",
"version": "4.0.8",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.528.24",
"status": "affected",
"version": "4.0.9",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.1.96.6",
"status": "affected",
"version": "2019.1",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.10.36.14",
"status": "affected",
"version": "2019.10",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.2.9.11",
"status": "affected",
"version": "2019.2",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.3.16.21",
"status": "affected",
"version": "2019.3",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.4.9.17",
"status": "affected",
"version": "2019.4",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.5.14.40",
"status": "affected",
"version": "2019.5",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.6.36.40",
"status": "affected",
"version": "2019.6",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.7.107.26",
"status": "affected",
"version": "2019.7",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.8.43.19",
"status": "affected",
"version": "2019.8",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.9.31.23",
"status": "affected",
"version": "2019.9",
"versionType": "custom"
}
]
},
{
"product": "PowerScribe One version 2023.1 SP2 Patch 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2023.2.3054",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"product": "PowerScribe One version 2023.1 SP3 Patch 6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2023.3.9072",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.243.19",
"versionStartIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.277.28",
"versionStartIncluding": "4.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.316.12",
"versionStartIncluding": "4.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.427.15",
"versionStartIncluding": "4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.528.24",
"versionStartIncluding": "4.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.1.96.6",
"versionStartIncluding": "2019.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.2.9.11",
"versionStartIncluding": "2019.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.3.16.21",
"versionStartIncluding": "2019.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.11.49",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.111.68",
"versionStartIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.154.18",
"versionStartIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.197.10",
"versionStartIncluding": "4.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.212.10",
"versionStartIncluding": "4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.4.9.17",
"versionStartIncluding": "2019.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.5.14.40",
"versionStartIncluding": "2019.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.6.36.40",
"versionStartIncluding": "2019.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.7.107.26",
"versionStartIncluding": "2019.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.8.43.19",
"versionStartIncluding": "2019.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.9.31.23",
"versionStartIncluding": "2019.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.10.36.14",
"versionStartIncluding": "2019.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2.3054",
"versionStartIncluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.9072",
"versionStartIncluding": "2023.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-06-09T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T23:23:34.302Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Nuance PowerScribe Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142"
}
],
"title": "Nuance PowerScribe Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26142",
"datePublished": "2026-06-09T17:05:17.903Z",
"dateReserved": "2026-02-11T16:24:51.134Z",
"dateUpdated": "2026-07-08T23:23:34.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26208 (GCVE-0-2026-26208)
Vulnerability from cvelistv5 – Published: 2026-02-13 18:48 – Updated: 2026-02-13 19:21- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://github.com/Alex4SSB/ADB-Explorer/security… | x_refsource_CONFIRM |
| https://github.com/Alex4SSB/ADB-Explorer/issues/294 | x_refsource_MISC |
| https://github.com/Alex4SSB/ADB-Explorer/commit/7… | x_refsource_MISC |
| https://github.com/Alex4SSB/ADB-Explorer/releases… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Alex4SSB | ADB-Explorer |
Affected:
< Beta 0.9.26020
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T19:21:34.740562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:21:56.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ADB-Explorer",
"vendor": "Alex4SSB",
"versions": [
{
"status": "affected",
"version": "\u003c Beta 0.9.26020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows an attacker to supply a crafted JSON file containing a gadget chain (e.g., ObjectDataProvider) to execute arbitrary code when the application launches and subsequently saves its settings. This vulnerability is fixed in Beta 0.9.26020."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T18:48:56.398Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-49qx-wpxj-p4mh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Alex4SSB/ADB-Explorer/security/advisories/GHSA-49qx-wpxj-p4mh"
},
{
"name": "https://github.com/Alex4SSB/ADB-Explorer/issues/294",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Alex4SSB/ADB-Explorer/issues/294"
},
{
"name": "https://github.com/Alex4SSB/ADB-Explorer/commit/776f132cede86e1405520f2a28c78276dda5ab5a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Alex4SSB/ADB-Explorer/commit/776f132cede86e1405520f2a28c78276dda5ab5a"
},
{
"name": "https://github.com/Alex4SSB/ADB-Explorer/releases/tag/v0.9.26020",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Alex4SSB/ADB-Explorer/releases/tag/v0.9.26020"
}
],
"source": {
"advisory": "GHSA-49qx-wpxj-p4mh",
"discovery": "UNKNOWN"
},
"title": "ADB Explorer Vulnerable to Remote Code Execution via Insecure Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26208",
"datePublished": "2026-02-13T18:48:56.398Z",
"dateReserved": "2026-02-11T19:56:24.814Z",
"dateUpdated": "2026-02-13T19:21:56.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26210 (GCVE-0-2026-26210)
Vulnerability from cvelistv5 – Published: 2026-04-23 21:24 – Updated: 2026-06-23 16:13- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://chocapikk.com/posts/2026/ktransformers-pi… | technical-descriptionexploit |
| https://github.com/kvcache-ai/ktransformers/pull/1944 | issue-tracking |
| https://www.vulncheck.com/advisories/ktransformer… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| kvcache-ai | ktransformers |
Affected:
0 , ≤ 0.5.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T14:02:53.606000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T14:03:42.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ktransformers",
"repo": "https://github.com/kvcache-ai/ktransformers",
"vendor": "kvcache-ai",
"versions": [
{
"lessThanOrEqual": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valentin Lobstein (Chocapikk)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.\u003cbr\u003e"
}
],
"value": "KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:13:57.324Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://chocapikk.com/posts/2026/ktransformers-pickle-rce/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kvcache-ai/ktransformers/pull/1944"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ktransformers-unsafe-deserialization-rce-via-balance-serve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "KTransformers Unsafe Deserialization RCE via balance_serve",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-26210",
"datePublished": "2026-04-23T21:24:48.641Z",
"dateReserved": "2026-02-11T20:08:07.941Z",
"dateUpdated": "2026-06-23T16:13:57.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26215 (GCVE-0-2026-26215)
Vulnerability from cvelistv5 – Published: 2026-02-11 22:18 – Updated: 2026-06-23 16:13- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://chocapikk.com/posts/2026/manga-image-tran… | technical-descriptionexploit |
| https://github.com/zyddnys/manga-image-translator… | issue-tracking |
| https://github.com/zyddnys/manga-image-translator… | issue-tracking |
| https://github.com/zyddnys/manga-image-translator… | product |
| https://github.com/zyddnys/manga-image-translator… | product |
| https://www.vulncheck.com/advisories/manga-image-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| zyddnys | manga-image-translator |
Affected:
0 , ≤ beta-0.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T15:00:51.578516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T15:01:45.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "manga-image-translator",
"product": "manga-image-translator",
"repo": "https://github.com/zyddnys/manga-image-translator",
"vendor": "zyddnys",
"versions": [
{
"lessThanOrEqual": "beta-0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valentin Lobstein (Chocapikk)"
},
{
"lang": "en",
"type": "finder",
"value": "sud0why of Tencent YunDing Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "manga-image-translator version\u0026nbsp;beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload."
}
],
"value": "manga-image-translator version\u00a0beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:13:58.017Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://chocapikk.com/posts/2026/manga-image-translator-pickle-rce/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/zyddnys/manga-image-translator/issues/1116"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/zyddnys/manga-image-translator/issues/946"
},
{
"tags": [
"product"
],
"url": "https://github.com/zyddnys/manga-image-translator/blob/a537cb12b41daf2065795058c2753d87e73fa0fe/manga_translator/mode/share.py#L112"
},
{
"tags": [
"product"
],
"url": "https://github.com/zyddnys/manga-image-translator/blob/a537cb12b41daf2065795058c2753d87e73fa0fe/manga_translator/mode/share.py#L130"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/manga-image-translator-shared-api-unsafe-deserialization-rce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "manga-image-translator Shared API Unsafe Deserialization RCE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSet the MT_WEB_NONCE environment variable or pass --nonce=\u0026lt;secret\u0026gt; at startup.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Set the MT_WEB_NONCE environment variable or pass --nonce=\u003csecret\u003e at startup."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-26215",
"datePublished": "2026-02-11T22:18:39.304Z",
"dateReserved": "2026-02-11T20:08:07.943Z",
"dateUpdated": "2026-06-23T16:13:58.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26220 (GCVE-0-2026-26220)
Vulnerability from cvelistv5 – Published: 2026-02-17 01:52 – Updated: 2026-06-23 16:14- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://chocapikk.com/posts/2026/lightllm-pickle-rce/ | technical-descriptionexploit |
| https://github.com/ModelTC/LightLLM/issues/1213 | issue-tracking |
| https://lightllm-en.readthedocs.io/en/latest/index.html | product |
| https://github.com/ModelTC/lightllm/blob/a27dfc88… | product |
| https://github.com/ModelTC/lightllm/blob/a27dfc88… | product |
| https://www.vulncheck.com/advisories/lightllm-pd-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26220",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:37:33.792813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:37:46.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "LightLLM",
"product": "LightLLM",
"repo": "https://github.com/ModelTC/lightllm",
"vendor": "ModelTC",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valentin Lobstein (Chocapikk)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution."
}
],
"value": "LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:14:00.037Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://chocapikk.com/posts/2026/lightllm-pickle-rce/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ModelTC/LightLLM/issues/1213"
},
{
"tags": [
"product"
],
"url": "https://lightllm-en.readthedocs.io/en/latest/index.html"
},
{
"tags": [
"product"
],
"url": "https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe0/lightllm/server/api_http.py#L310"
},
{
"tags": [
"product"
],
"url": "https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe0/lightllm/server/api_http.py#L331"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/lightllm-pd-mode-unsafe-deserialization-rce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LightLLM \u003c= 1.1.0 PD Mode Unsafe Deserialization RCE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-26220",
"datePublished": "2026-02-17T01:52:03.650Z",
"dateReserved": "2026-02-11T20:08:07.944Z",
"dateUpdated": "2026-06-23T16:14:00.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26221 (GCVE-0-2026-26221)
Vulnerability from cvelistv5 – Published: 2026-02-13 15:21 – Updated: 2026-05-25 23:41- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.hyland.com/en/solutions/products/onbase | product |
| https://community.hyland.com/resources/bulletins-… | vendor-advisorymitigationpermissions-required |
| https://www.vulncheck.com/advisories/hyland-onbas… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Hyland | OnBase Workflow Timer Service |
Affected:
8.0 , ≤ 17.0.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T15:37:28.328195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T15:37:35.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hyland.Core.Workflow.NTService.exe"
],
"product": "OnBase Workflow Timer Service",
"vendor": "Hyland",
"versions": [
{
"lessThanOrEqual": "17.0.0",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hyland:onbase:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.0.0",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp."
},
{
"lang": "en",
"type": "coordinator",
"value": "VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or chaining with other OnBase features, this can lead to remote code execution. The same primitive can be abused by supplying a UNC path to coerce outbound NTLM authentication (SMB coercion) to an attacker-controlled host."
}
],
"value": "Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or chaining with other OnBase features, this can lead to remote code execution. The same primitive can be abused by supplying a UNC path to coerce outbound NTLM authentication (SMB coercion) to an attacker-controlled host."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:44.966Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.hyland.com/en/solutions/products/onbase"
},
{
"tags": [
"vendor-advisory",
"mitigation",
"permissions-required"
],
"url": "https://community.hyland.com/resources/bulletins-and-notices/223223-security-update-onbase-workflow-timer-service-bulletin-ob2025-03"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hyland-onbase-timer-services-unauthenticated-net-remoting-rce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is recommended that customers immediately convert to the in-servicing module, Unity Scheduler, and uninstall the Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). Starting with OnBase 16, Unity Scheduler is the recommended replacement. It is recommended customers using versions prior to 16 upgrade to an in-servicing release of OnBase and leverage Unity Scheduler.\u003cbr\u003e"
}
],
"value": "It is recommended that customers immediately convert to the in-servicing module, Unity Scheduler, and uninstall the Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). Starting with OnBase 16, Unity Scheduler is the recommended replacement. It is recommended customers using versions prior to 16 upgrade to an in-servicing release of OnBase and leverage Unity Scheduler."
}
],
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-26221",
"datePublished": "2026-02-13T15:21:48.928Z",
"dateReserved": "2026-02-11T20:08:07.945Z",
"dateUpdated": "2026-05-25T23:41:44.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
Phase: Implementation
Description:
- When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Phase: Implementation
Description:
- Explicitly define a final object() to prevent deserialization.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Phase: Implementation
Description:
- Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.