CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CVE-2026-7584 (GCVE-0-2026-7584)
Vulnerability from cvelistv5 – Published: 2026-05-01 07:21 – Updated: 2026-05-01 13:26- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.zhinst.com/support/security/2026/zi-s… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Zurich Instruments | LabOne Q |
Affected:
2.41.0 , < 26.1.2
(python)
Affected: 26.4.0b1 , ≤ 26.4.0b5 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T13:26:46.982666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T13:26:59.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/laboneq/",
"defaultStatus": "unaffected",
"packageName": "laboneq",
"product": "LabOne Q",
"vendor": "Zurich Instruments",
"versions": [
{
"lessThan": "26.1.2",
"status": "affected",
"version": "2.41.0",
"versionType": "python"
},
{
"lessThanOrEqual": "26.4.0b5",
"status": "affected",
"version": "26.4.0b1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target class or restriction on which modules could be imported. An attacker can craft a serialized experiment file that causes the deserialization engine to import and instantiate arbitrary Python classes with attacker-controlled constructor arguments, resulting in arbitrary code execution in the context of the user running the Python process. Exploitation requires the victim to load a malicious file using LabOne Q\u0027s deserialization functions, for example a compromised experiment file shared for collaboration or support purposes.\u003c/p\u003e"
}
],
"value": "The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target class or restriction on which modules could be imported. An attacker can craft a serialized experiment file that causes the deserialization engine to import and instantiate arbitrary Python classes with attacker-controlled constructor arguments, resulting in arbitrary code execution in the context of the user running the Python process. Exploitation requires the victim to load a malicious file using LabOne Q\u0027s deserialization functions, for example a compromised experiment file shared for collaboration or support purposes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T07:21:18.781Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"name": "ZI-SA-2026-002",
"tags": [
"vendor-advisory"
],
"url": "https://www.zhinst.com/support/security/2026/zi-sa-2026-002/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate LabOne Q to version 26.1.2 (security backport on the 26.1.x line) or to 26.4.0 or later. The package can be updated via `pip install --upgrade laboneq`.\u003c/p\u003e"
}
],
"value": "Update LabOne Q to version 26.1.2 (security backport on the 26.1.x line) or to 26.4.0 or later. The package can be updated via `pip install --upgrade laboneq`."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary Code Execution via Unsafe Deserialization in LabOne Q",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDo not load untrusted experiment files: only deserialize experiment files (JSON, YAML) that originate from a trusted source. Treat serialized experiment files with the same caution as executable scripts.\u003c/p\u003e\u003cp\u003eValidate file provenance: when receiving experiment files from external parties (e.g. for support or collaboration), verify their origin before loading them.\u003c/p\u003e\u003cp\u003eAudit serialized files: before loading, inspect serialized experiment files and verify that only trusted classes are listed as deserializers.\u003c/p\u003e"
}
],
"value": "Do not load untrusted experiment files: only deserialize experiment files (JSON, YAML) that originate from a trusted source. Treat serialized experiment files with the same caution as executable scripts.\n\n\n\nValidate file provenance: when receiving experiment files from external parties (e.g. for support or collaboration), verify their origin before loading them.\n\n\n\nAudit serialized files: before loading, inspect serialized experiment files and verify that only trusted classes are listed as deserializers."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2026-7584",
"datePublished": "2026-05-01T07:21:18.781Z",
"dateReserved": "2026-05-01T07:14:23.592Z",
"dateUpdated": "2026-05-01T13:26:59.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7597 (GCVE-0-2026-7597)
Vulnerability from cvelistv5 – Published: 2026-05-01 21:15 – Updated: 2026-05-05 19:45 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360550 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360550/cti | signaturepermissions-required |
| https://vuldb.com/submit/805562 | third-party-advisory |
| https://github.com/mem0ai/mem0/issues/3778 | exploitissue-tracking |
| https://github.com/mem0ai/mem0/pull/4833 | issue-trackingpatch |
| https://github.com/mem0ai/mem0/commit/62dca096f92… | patch |
| https://github.com/mem0ai/mem0/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7597",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T15:02:27.837471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:45:33.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/805562"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mem0",
"vendor": "mem0ai",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
},
{
"status": "affected",
"version": "1.0.9"
},
{
"status": "affected",
"version": "1.0.10"
},
{
"status": "affected",
"version": "1.0.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "edoardottt (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T21:15:11.399Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360550 | mem0ai mem0 faiss.py pickle.dump deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360550"
},
{
"name": "VDB-360550 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360550/cti"
},
{
"name": "Submit #805562 | Mem0 \u003c= v1.0.11 Unsafe Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/805562"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mem0ai/mem0/issues/3778"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/mem0ai/mem0/pull/4833"
},
{
"tags": [
"patch"
],
"url": "https://github.com/mem0ai/mem0/commit/62dca096f9236010ca15fea9ba369ba740b86b7a"
},
{
"tags": [
"product"
],
"url": "https://github.com/mem0ai/mem0/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-01T11:57:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "mem0ai mem0 faiss.py pickle.dump deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7597",
"datePublished": "2026-05-01T21:15:11.399Z",
"dateReserved": "2026-05-01T09:52:26.382Z",
"dateUpdated": "2026-05-05T19:45:33.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7635 (GCVE-0-2026-7635)
Vulnerability from cvelistv5 – Published: 2026-05-13 04:26 – Updated: 2026-05-13 10:22- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| gdragon | coreActivity: Activity Logging for WordPress |
Affected:
0 , ≤ 3.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T10:08:41.178256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T10:22:54.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "coreActivity: Activity Logging for WordPress",
"vendor": "gdragon",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Duong Quang Hao"
},
{
"lang": "en",
"type": "finder",
"value": "Thai Son Dinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta table, and subsequently calling `maybe_unserialize()` on every retrieved `meta_value` in `query_metas()` without verifying the data was originally serialized by the application. This makes it possible for unauthenticated attackers to inject a crafted PHP serialized payload via the User-Agent header during any logged event (such as a failed login attempt), which, when an administrator views the Logs page, is deserialized and passed to `DeviceDetector::setUserAgent()`, triggering a Fatal TypeError that creates a persistent Denial of Service condition blocking administrator access to the Logs page entirely."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T04:26:39.499Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59f30135-6dd9-4367-90a9-a10ad491357d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/trunk/vendor/dev4press/library/dev4press/wordpress/admin/Table.php#L290"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/tags/3.0/vendor/dev4press/library/dev4press/wordpress/admin/Table.php#L290"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/trunk/core/log/Core.php#L252"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/tags/3.0/core/log/Core.php#L252"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/trunk/vendor/dev4press/library/dev4press/core/plugins/DBLite.php#L268"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/tags/3.0/vendor/dev4press/library/dev4press/core/plugins/DBLite.php#L268"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/trunk/core/table/Logs.php#L161"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/tags/3.0/core/table/Logs.php#L161"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/trunk/core/log/Device.php#L35"
},
{
"url": "https://plugins.trac.wordpress.org/browser/coreactivity/tags/3.0/core/log/Device.php#L35"
},
{
"url": "https://github.com/dev4press/coreactivity/pull/3/changes/1f09331d66de7cf4bba9b6e396b0d4e7597fcde2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-02T23:24:59.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "coreActivity: Activity Logging for WordPress \u003c= 3.0 - Unauthenticated PHP Object Injection via \u0027user_agent\u0027 Log Meta Field"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-7635",
"datePublished": "2026-05-13T04:26:39.499Z",
"dateReserved": "2026-05-01T15:23:35.095Z",
"dateUpdated": "2026-05-13T10:22:54.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7637 (GCVE-0-2026-7637)
Vulnerability from cvelistv5 – Published: 2026-05-20 02:27 – Updated: 2026-05-20 12:47- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| PixelYourSite | Boost |
Affected:
0 , ≤ 2.0.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T12:47:17.759314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T12:47:24.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Boost",
"vendor": "PixelYourSite",
"versions": [
{
"lessThanOrEqual": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osvaldo Noe Gonzalez Del Rio"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T02:27:48.485Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e391f560-2037-4180-a77e-1731524a318c?source=cve"
},
{
"url": "https://www.pixelyoursite.com/boost-plugin"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-19T13:55:11.000Z",
"value": "Disclosed"
}
],
"title": "Boost \u003c= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-7637",
"datePublished": "2026-05-20T02:27:48.485Z",
"dateReserved": "2026-05-01T15:30:51.110Z",
"dateUpdated": "2026-05-20T12:47:24.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7647 (GCVE-0-2026-7647)
Vulnerability from cvelistv5 – Published: 2026-05-02 05:29 – Updated: 2026-05-04 12:48- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| Cozmoslabs | Profile Builder Pro |
Affected:
0 , ≤ 3.14.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T12:48:03.600776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T12:48:13.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Profile Builder Pro",
"vendor": "Cozmoslabs",
"versions": [
{
"lessThanOrEqual": "3.14.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mattia Brollo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP\u0027s maybe_unserialize() function on the attacker-controlled \u0027args\u0027 POST parameter within the wppb_request_users_pins_action_callback() AJAX handler, which lacked any nonce verification, type checking, or input validation before deserialization. Because the handler was registered with both wp_ajax_ and wp_ajax_nopriv_ hooks, it was reachable by completely unauthenticated users. This makes it possible for unauthenticated attackers to inject arbitrary PHP objects into application memory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-02T05:29:30.319Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7b897f5-f988-4515-83bc-456f041d7e2e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/profile-builder-pro/trunk/add-ons/user-listing/one-map-listing.php#L271"
},
{
"url": "https://plugins.trac.wordpress.org/browser/profile-builder-pro/tags/3.14.5/add-ons/user-listing/one-map-listing.php#L271"
},
{
"url": "https://plugins.trac.wordpress.org/browser/profile-builder-pro/trunk/add-ons/user-listing/one-map-listing.php#L13"
},
{
"url": "https://plugins.trac.wordpress.org/browser/profile-builder-pro/tags/3.14.5/add-ons/user-listing/one-map-listing.php#L13"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-01T17:10:32.000Z",
"value": "Disclosed"
}
],
"title": "Profile Builder Pro \u003c= 3.14.5 - Unauthenticated PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-7647",
"datePublished": "2026-05-02T05:29:30.319Z",
"dateReserved": "2026-05-01T17:10:21.145Z",
"dateUpdated": "2026-05-04T12:48:13.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7654 (GCVE-0-2026-7654)
Vulnerability from cvelistv5 – Published: 2026-06-05 22:28 – Updated: 2026-06-06 11:46- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| codepress | Admin Columns |
Affected:
0 , ≤ 7.0.18
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-06T11:36:24.693586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T11:46:31.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Admin Columns",
"vendor": "codepress",
"versions": [
{
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osvaldo Noe Gonzalez Del Rio"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serialized PHP object into a post\u0027s custom meta field and trigger arbitrary code execution by exploiting a bundled POP gadget chain, resulting in remote code execution as the web server user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T22:28:06.814Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/051a3967-ef86-49bc-b72c-23e43568fef6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/classes/Formatter/IdsToCollection.php#L42"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/vendor/laravel/serializable-closure/src/Support/ClosureStream.php#L47"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/classes/Formatter/IdsToCollection.php#L42"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/classes/Formatter/Meta.php#L34"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/classes/Formatter/Meta.php#L34"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/vendor/laravel/serializable-closure/src/Serializers/Native.php#L148"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/vendor/laravel/serializable-closure/src/Serializers/Native.php#L148"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/vendor/laravel/serializable-closure/src/Support/ClosureStream.php#L47"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3553297%40codepress-admin-columns\u0026new=3553297%40codepress-admin-columns\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T06:55:21.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-05T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Admin Columns \u003c= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-7654",
"datePublished": "2026-06-05T22:28:06.814Z",
"dateReserved": "2026-05-01T18:30:46.366Z",
"dateUpdated": "2026-06-06T11:46:31.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7712 (GCVE-0-2026-7712)
Vulnerability from cvelistv5 – Published: 2026-05-03 23:45 – Updated: 2026-05-05 00:50| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360888 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360888/cti | signaturepermissions-required |
| https://vuldb.com/submit/806827 | third-party-advisory |
| https://github.com/nn0nkey/JD-Security-SHENYI-Tea… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7712",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T00:50:02.087456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T00:50:34.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"modules": [
"Pickle Handler"
],
"product": "MindsDB",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "26.01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JD Security SHENYI Team (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-03T23:45:16.137Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360888 | MindsDB Pickle pickle.loads deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360888"
},
{
"name": "VDB-360888 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360888/cti"
},
{
"name": "Submit #806827 | https://github.com/mindsdb/mindsdb \u003c=26.01 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/806827"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_Pickle_RCE.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T09:48:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "MindsDB Pickle pickle.loads deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7712",
"datePublished": "2026-05-03T23:45:16.137Z",
"dateReserved": "2026-05-03T07:43:07.585Z",
"dateUpdated": "2026-05-05T00:50:34.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7858 (GCVE-0-2026-7858)
Vulnerability from cvelistv5 – Published: 2026-06-01 07:45 – Updated: 2026-06-01 13:10- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Magic Collaboration Studio |
Affected:
CATIA Magic Release 2022x Golden , ≤ CATIA Magic Release 2022x Refresh2 HF3
(custom)
Affected: CATIA Magic Release 2024x Golden , ≤ CATIA Magic Release 2024x Refresh3 HF1 (custom) Affected: CATIA Magic Release 2026x Golden , ≤ CATIA Magic Release 2026x Golden HF2 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:10:19.818378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:10:31.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Magic Collaboration Studio",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "CATIA Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "CATIA Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "CATIA Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "CATIA Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "CATIA Magic Release 2026x Golden HF2",
"status": "affected",
"version": "CATIA Magic Release 2026x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tyler Harkness"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."
}
],
"value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:45:34.201Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2026-7858",
"datePublished": "2026-06-01T07:45:34.201Z",
"dateReserved": "2026-05-05T11:42:41.151Z",
"dateUpdated": "2026-06-01T13:10:31.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7871 (GCVE-0-2026-7871)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:14 – Updated: 2026-07-01 17:27- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7278443 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Langflow OSS |
Affected:
1.0.0 , ≤ 1.10.0
(semver)
cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T03:55:59.702565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:27:39.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
],
"product": "Langflow OSS",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.10.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.\u003c/p\u003e"
}
],
"value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:14:39.815Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278443"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
}
],
"title": "Insecure Deserialization in Redis Cache Backend",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-7871",
"datePublished": "2026-06-30T19:14:39.815Z",
"dateReserved": "2026-05-05T14:14:39.413Z",
"dateUpdated": "2026-07-01T17:27:39.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7888 (GCVE-0-2026-7888)
Vulnerability from cvelistv5 – Published: 2026-06-03 18:10 – Updated: 2026-06-03 19:07- CWE-502 - Deserialization of untrusted data
| URL | Tags |
|---|---|
| https://documentation.concretecms.org/9-x/develop… | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
5.0 , < 9.5.2
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T19:07:44.886735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T19:07:56.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/concretecms/concretecms",
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.5.2",
"status": "affected",
"version": "5.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "XananasX7"
},
{
"lang": "en",
"type": "finder",
"value": "Sanjorn Keeratirungsan (dizconnect)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via \u003ccode\u003eunserialize()\u003c/code\u003e calls in the Workflow, Form block, and File/Set components that lack the \u003ccode\u003eallowed_classes\u003c/code\u003e restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 and\u0026nbsp;Sanjorn Keeratirungsan\u0026nbsp;(dizconnect) for both independently reporting. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.4 with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N."
}
],
"value": "Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 and\u00a0Sanjorn Keeratirungsan\u00a0(dizconnect) for both independently reporting. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.4 with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of untrusted data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T18:10:10.917Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/952-release-notes"
}
],
"source": {
"advisory": "https://hackerone.com/reports/3756743",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2026-7888",
"datePublished": "2026-06-03T18:10:10.917Z",
"dateReserved": "2026-05-05T20:23:08.863Z",
"dateUpdated": "2026-06-03T19:07:56.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
Phase: Implementation
Description:
- When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Phase: Implementation
Description:
- Explicitly define a final object() to prevent deserialization.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Phase: Implementation
Description:
- Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.