Deserialization

Stanza, an NLP library, is vulnerable to remote code execution (CVE-2026-54499) due to an unsafe fallback mechanism when loading PyTorch model files, allowing an attacker who can place a malicious pretrain or model file to achieve arbitrary code execution on systems processing NLP pipelines, leading to credential theft, backdoors, data exfiltration, and lateral movement.

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability (CVE-2026-8024) in ibaPDA (versions prior to 8.14.0) or ibaDatCoordinator (versions prior to 4.0.7) to gain full access to the affected systems, potentially leading to arbitrary code execution and system compromise.

Manga-image-translator is vulnerable to remote code execution (CVE-2026-10042) in the shared API server mode due to unsafe deserialization of untrusted pickle data, allowing a remote attacker to execute arbitrary code in the server process.

MixPHP Framework 2.2.17 is vulnerable to remote code execution due to unsafe deserialization, with a public exploit available, increasing the risk for unpatched systems.

A critical deserialization of untrusted data vulnerability (CVE-2025-54539) exists in Apache ActiveMQ NMS AMQP Client <= v2.3.0, where an attacker controlling or impersonating an AMQP broker can send malicious serialized data that the client deserializes unsafely, allowing arbitrary code execution on the client system.

Pimcore v11 and earlier is vulnerable to unsafe PHP deserialization in multiple locations due to missing `allowed_classes` restrictions when calling `unserialize()` on data from database columns and filesystem files; an attacker with control over serialized data sources (e.g., via SQL injection or file write vulnerabilities) can inject PHP gadget chains, leading to remote code execution.

CVE-2026-41104 is a critical vulnerability in Microsoft Planetary Computer Pro that allows an unauthorized attacker to disclose information over a network by deserializing untrusted data.

HestiaCP versions 1.9.0 through 1.9.4 are vulnerable to unauthenticated remote code execution due to a deserialization flaw in the web terminal component (CVE-2026-43633), stemming from a session format mismatch between PHP and Node.js, allowing attackers to inject malicious data via HTTP headers.

A deserialization vulnerability exists in h2oai's h2o-3 up to version 7402, specifically within the importBinaryModel function of the h2o-core/src/main/java/hex/Model.java file's JAR Handler component, allowing remote exploitation through manipulation.

jsonpickle version 2.0.0 contains a remote code execution vulnerability, allowing attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects, which invoke the eval function.

An authenticated remote code execution vulnerability (CVE-2026-41957) exists in the F5 BIG-IP and BIG-IQ Configuration utility, potentially leading to arbitrary code execution on affected systems.

The LangSmith SDK is vulnerable to untrusted manifest deserialization when pulling public prompts via `pull_prompt`, potentially leading to SSRF, prompt injection, or sensitive data exposure; CVE-2026-45134.

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are vulnerable to deserialization of untrusted data, potentially leading to arbitrary code execution if a user interacts with a malicious URL or compromised webpage.

CVE-2026-40368 is a deserialization of untrusted data vulnerability in Microsoft Office SharePoint, allowing an authorized attacker to execute code over a network.

CVE-2026-33110 is a deserialization of untrusted data vulnerability in Microsoft Office SharePoint, allowing an authorized attacker to achieve remote code execution over a network.

Detects suspicious behavior related to SolarWinds Web Help Desk, specifically the loading of untrusted native modules (DLLs) or the spawning of suspicious child processes (cmd, PowerShell, rundll32) by the Java process, potentially indicating exploitation of deserialization vulnerabilities CVE-2025-40536 and CVE-2025-40551.

Sentry 8.2.0 contains a remote code execution vulnerability (CVE-2021-47935) that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter via crafted POST requests to the admin audit log endpoint.

The User Frontend WordPress plugin is vulnerable to authenticated deserialization, allowing subscriber-level attackers to inject PHP objects for potential arbitrary code execution.

The deprecated fabric-sdk-java client SDK is vulnerable to Java deserialization RCE due to the use of ObjectInputStream.readObject() without an ObjectInputFilter in Channel.java, allowing remote code execution if an attacker can supply crafted serialized Channel bytes to the client application.

A critical arbitrary code execution vulnerability (CVE-2026-41635) exists in Apache MINA versions 2.0.0 through 2.0.27, 2.1.0 through 2.1.10, and 2.2.0 through 2.2.5 due to missing class validation in the AbstractIoBuffer.resolveClass() method, potentially allowing attackers to execute arbitrary code on applications using Apache MINA.

A deserialization vulnerability exists in Ruby ERB versions before 4.0.3.1, version 4.0.4, ERB versions 5.0.0 before 6.0.1.1, and ERB versions 6.0.2 before 6.0.4. The `@_init` instance variable guard in `ERB#result` and `ERB#run` can be bypassed via `ERB#def_module`, `ERB#def_method`, and `ERB#def_class`, allowing arbitrary code execution when an ERB object is reconstructed via `Marshal.load` on untrusted data.

Ray Data is vulnerable to remote code execution via Parquet Arrow Extension Type Deserialization; specifically, a maliciously crafted Parquet file can trigger arbitrary code execution due to the unsafe deserialization of Arrow extension metadata, affecting Ray versions 2.49.0 through 2.54.0.

An insecure deserialization vulnerability exists in Progress Telerik UI for AJAX's RadFilter control (versions 2024.4.1114 through 2026.1.421) allowing remote code execution via tampering with the filter state exposed to the client.

A deserialization of untrusted data vulnerability in the MetaSlider Responsive Slider plugin for WordPress (versions up to 3.106.0) allows for unauthenticated object injection, potentially leading to remote code execution.

CVE-2026-6264, a critical deserialization vulnerability in Talend JobServer and Runtime, allows unauthenticated remote code execution via the JMX monitoring port, leading to complete system compromise.

CVE-2026-32192 allows a locally authorized attacker to escalate privileges on a host running the Azure Monitor Agent via deserialization of untrusted data.

CVE-2026-32590 describes a deserialization vulnerability in Red Hat Quay's handling of resumable container image layer uploads, potentially allowing an attacker to execute arbitrary code on the Quay server by tampering with intermediate data stored in the database.

IBM Langflow Desktop versions 1.6.0 through 1.8.2 is vulnerable to arbitrary code execution due to insecure deserialization of untrusted data, allowing an authenticated user to execute code on the system.

NVIDIA DALI contains a deserialization of untrusted data vulnerability, identified as CVE-2026-24156, which may lead to arbitrary code execution.

phpBB is vulnerable to arbitrary file upload (CVE-2019-25685) by exploiting the plupload functionality and phar:// stream wrapper, allowing authenticated attackers to upload crafted zip files containing serialized PHP objects that execute arbitrary code via the imagick parameter.

pyLoad is vulnerable to arbitrary code execution via an unprotected `storage_folder` configuration option, allowing an attacker with `SETTINGS` and `ADD` permissions to write a malicious pickle payload to the Flask session store and execute arbitrary code upon subsequent HTTP requests.

NVIDIA BioNeMo is vulnerable to deserialization of untrusted data (CVE-2026-24164), potentially leading to code execution, denial of service, information disclosure, and data tampering.

CVE-2026-20963, a SharePoint deserialization vulnerability, is under active exploitation and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, requiring immediate patching and auditing of potentially compromised data.

PhpSpreadsheet is vulnerable to Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) due to improper validation of filenames in the IOFactory::load function, exploitable via PHP wrappers like `phar://` and `ftp://`.

The xmldom library is vulnerable to XML node injection, allowing attackers to inject arbitrary XML nodes into serialized output by manipulating comment content; this is mitigated by using the `requireWellFormed` option in `serializeToString` after upgrading to version 0.8.13 or 0.9.10.

LangChain is vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists, potentially leading to persistent chat-history poisoning, prompt injection, credential disclosure, or server-side requests.

A critical vulnerability, CVE-2025-62373, exists in Pipecat's LivekitFrameSerializer where the deserialize() method uses Python's pickle.loads() on WebSocket data without validation, allowing a malicious WebSocket client to execute arbitrary code on the Pipecat server if LivekitFrameSerializer is explicitly enabled.