A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
This CVE is referenced in a KISA security bulletin (Korean only).
| Source | CVSS Version | Base Score | Severity | Vector String | Assessment Date |
|---|---|---|---|---|---|
| NVDNIST | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 04/20/2026 |
| NVDNIST | 3.0 | 9.8 |
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 04/20/2026 |