Cwe 502

🧬 CWE Related 70
slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Related tags

🛡 Vulnerabilities tagged with this 492

ID Title
CVE-2026-33264 Unsafe Deserialization in apache (CVE-2026-33264)
CVE-2026-43825 Unsafe Deserialization in apache (CVE-2026-43825)
CVE-2026-46590 Unsafe Deserialization in apache (CVE-2026-46590)
CVE-2026-40859 Unsafe Deserialization in apache (CVE-2026-40859)
CVE-2026-43867 Unsafe Deserialization in apache (CVE-2026-43867)
CVE-2026-43865 Unsafe Deserialization in csharp (CVE-2026-43865)
CVE-2026-43866 Unsafe Deserialization in apache (CVE-2026-43866)
CVE-2026-42527 Unsafe Deserialization in csharp (CVE-2026-42527)
CVE-2026-14723 Vulnerability in deserialization (CVE-2026-14723)
CVE-2026-14637 Vulnerability in deserialization (CVE-2026-14637)
CVE-2026-14534 Vulnerability in c (CVE-2026-14534)
CVE-2025-71375 Unsafe Deserialization in CVE-2025-71375 (CVE-2025-71375)
CVE-2025-71372 Unsafe Deserialization in CVE-2025-71372 (CVE-2025-71372)
CVE-2025-71356 Unsafe Deserialization in CVE-2025-71356 (CVE-2025-71356)
CVE-2025-71359 Unsafe Deserialization in deserialization (CVE-2025-71359)
CVE-2025-71367 Unsafe Deserialization in CVE-2025-71367 (CVE-2025-71367)
CVE-2025-71369 Unsafe Deserialization in deserialization (CVE-2025-71369)
CVE-2025-71360 Unsafe Deserialization in CVE-2025-71360 (CVE-2025-71360)
CVE-2025-71362 Unsafe Deserialization in deserialization (CVE-2025-71362)
CVE-2025-71364 Unsafe Deserialization in CVE-2025-71364 (CVE-2025-71364)
CVE-2025-71366 Unsafe Deserialization in CVE-2025-71366 (CVE-2025-71366)
CVE-2025-71342 Unsafe Deserialization in CVE-2025-71342 (CVE-2025-71342)
CVE-2025-71343 Unsafe Deserialization in CVE-2025-71343 (CVE-2025-71343)
CVE-2025-71347 Unsafe Deserialization in deserialization (CVE-2025-71347)
CVE-2025-71345 Unsafe Deserialization in deserialization (CVE-2025-71345)
CVE-2025-71353 Unsafe Deserialization in CVE-2025-71353 (CVE-2025-71353)
CVE-2026-12481 Unsafe Deserialization in deserialization (CVE-2026-12481)
CVE-2026-13371 Unsafe Deserialization in deserialization (CVE-2026-13371)
CVE-2026-57677 Unsafe Deserialization in CVE-2026-57677 (CVE-2026-57677)
CVE-2026-57621 Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →