CWE-502

slug: cwe-502

Explanation

CWE-502 is the flaw of restoring (deserializing) serialized data (an object converted into a byte sequence) without first establishing that the data can be trusted. In Java, Python, PHP, .NET and similar platforms, an attacker who sends a crafted object can achieve arbitrary code execution, which makes this a classic route to taking over a web server.
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): RCE via XML deserialization; it was the direct cause of the Equifax incident (personal data of 140 million people leaked).
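As an added illustration that is not part of this page: the vulnerable pattern (`pickle.loads` on bytes received from a client) next to a hardened loader that uses the restricted-`Unpickler` allowlist pattern from the Python standard-library documentation. The allowlist contents, function names and sample payloads are my own constructions.

```python
import datetime
import io
import pickle

# Allowlist of (module, name) globals the unpickler may resolve. Anything else,
# including the callables that gadget chains reach through __reduce__
# (os.system, subprocess.Popen, ...), is refused before any object is built.
SAFE_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    """pickle.Unpickler that resolves only allowlisted globals."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def unsafe_load(data: bytes):
    """CWE-502 as commonly written: pickle.loads on untrusted bytes.
    Any importable callable named in the stream is resolved and invoked."""
    return pickle.loads(data)


def restricted_load(data: bytes):
    """Hardened variant: same wire format, but only allowlisted globals resolve."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_accepted(data: bytes) -> bool:
    """True if the hardened loader accepts the stream, False if it refuses it."""
    try:
        restricted_load(data)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample payloads (not from the page) for the checks below.
def plain_payload() -> bytes:
    # Primitives only: no global lookups, so both loaders accept it.
    return pickle.dumps({"user": "alice", "roles": ["viewer"]})


def unlisted_payload() -> bytes:
    # Names datetime.datetime: pickle.loads resolves it, the allowlist refuses it.
    return pickle.dumps(datetime.datetime(2024, 1, 1))
```

The allowlist is a containment measure for code that must keep the pickle format; where the receiver only needs data, a data-only format such as JSON with schema validation removes the object-graph problem entirely.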


🛡 Vulnerabilities tagged with this CWE (71)

ID              Title
CVE-2026-41486  Code Injection in CVE-2026-41486 (CVE-2026-41486)
CVE-2026-44126  Unsafe Deserialization in CVE-2026-44126 (CVE-2026-44126)
CVE-2026-5127   Unsafe Deserialization in wordpress (CVE-2026-5127)
CVE-2025-69691  Vulnerability in pfsense (CVE-2025-69691)
CVE-2025-69690  Unsafe Deserialization in deserialization (CVE-2025-69690)
CVE-2024-53326  Unsafe Deserialization in deserialization (CVE-2024-53326)
CVE-2026-34084  Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
CVE-2023-21529  [KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2023-21529)
CVE-2026-20131  [KEV] Unsafe Deserialization in Cisco secure-firewall-management-center-fmc (CVE-2026-20131)
CVE-2026-20963  [KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2026-20963)
CVE-2025-26399  [KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-26399)
CVE-2025-49113  [KEV] Unsafe Deserialization in Roundcube webmail (CVE-2025-49113)
CVE-2025-40551  [KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)
CVE-2025-59287  [KEV] Unsafe Deserialization in Microsoft windows (CVE-2025-59287)
CVE-2025-10035  [KEV] Unsafe Deserialization in Fortra goanywhere-mft (CVE-2025-10035)
CVE-2025-5086   [KEV] Unsafe Deserialization in Dassault systèmes dassault-systemes (CVE-2025-5086)
CVE-2025-53690  [KEV] Unsafe Deserialization in Sitecore multiple-products (CVE-2025-53690)
CVE-2024-8069   [KEV] Unsafe Deserialization in Citrix session-recording (CVE-2024-8069)
CVE-2025-53770  [KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2025-53770)
CVE-2025-24016  [KEV] Unsafe Deserialization in wazuh (CVE-2025-24016)
CVE-2025-42999  [KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)
CVE-2025-24813  [KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
CVE-2019-9875   [KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9875)
CVE-2019-9874   [KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9874)
CVE-2017-3066   [KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2017-3066)
CVE-2024-20953  [KEV] Unsafe Deserialization in Oracle agile-product-lifecycle-management-plm (CVE-2024-20953)
CVE-2025-0994   [KEV] Unsafe Deserialization in Trimble cityworks (CVE-2025-0994)
CVE-2025-23006  [KEV] Unsafe Deserialization in Sonicwall sma1000-appliances (CVE-2025-23006)
CVE-2024-38094  [KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2024-38094)
CVE-2024-40711  [KEV] Unsafe Deserialization in Veeam backup-replication (CVE-2024-40711)
