Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by USCiLab
CVE-2026-11463 (GCVE-0-2026-11463)
Vulnerability from cvelistv5 – Published: 2026-06-07 22:15 – Updated: 2026-06-09 14:39
VLAI
Title
USCiLab Cereal Shared Pointer type confusion
Summary
A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Type Confusion
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369083 | vdb-entry |
| https://vuldb.com/vuln/369083/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11463 | third-party-advisory |
| https://vuldb.com/submit/814456 | third-party-advisory |
| https://github.com/USCiLab/cereal/issues/870 | issue-tracking |
| https://gist.github.com/TrebledJ/0223c1fa3c3fd64e… | exploit |
| https://github.com/USCiLab/cereal/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11463",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:39:29.398069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:39:38.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:uscilab:cereal:*:*:*:*:*:*:*:*"
],
"modules": [
"Shared Pointer Handler"
],
"product": "Cereal",
"vendor": "USCiLab",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "trebledj (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T22:15:12.845Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369083 | USCiLab Cereal Shared Pointer type confusion",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369083"
},
{
"name": "VDB-369083 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369083/cti"
},
{
"name": "CVE-2026-11463 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11463"
},
{
"name": "Submit #814456 | USCiLab cereal 1.3.2 CWE-1287, CWE-843 (Type Confusion)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/814456"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/USCiLab/cereal/issues/870"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0"
},
{
"tags": [
"product"
],
"url": "https://github.com/USCiLab/cereal/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T09:50:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "USCiLab Cereal Shared Pointer type confusion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11463",
"datePublished": "2026-06-07T22:15:12.845Z",
"dateReserved": "2026-06-07T07:45:12.676Z",
"dateUpdated": "2026-06-09T14:39:38.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}