TROYANOSYVIRUS
Voltar para CVEs

CVE-2026-3967

MEDIUM
6.3

Descricao

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization System. This manipulation causes deserialization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Detalhes CVE

Pontuacao CVSS v3.16.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/12/2026
Ultima modificacao3/12/2026
Fontenvd
Avistamentos honeypot0

Fraquezas (CWE)

CWE-20CWE-502

Referencias

https://github.com/AnalogyC0de/public_exp/issues/16(cna@vuldb.com)
https://vuldb.com/?ctiid.350396(cna@vuldb.com)
https://vuldb.com/?id.350396(cna@vuldb.com)
https://vuldb.com/?submit.768942(cna@vuldb.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.