Cwe 502

🧬 CWE Related 70

slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。

📌 Example

CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔗 Related links

MITRE CWE-502 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 71

ID	Title	Severity	Detected
CVE-2026-41486	Code Injection in CVE-2026-41486 (CVE-2026-41486)		1 day ago
CVE-2026-44126	Unsafe Deserialization in CVE-2026-44126 (CVE-2026-44126)		1 day ago
CVE-2026-5127	Unsafe Deserialization in wordpress (CVE-2026-5127)	High	1 day ago
CVE-2025-69691	Vulnerability in pfsense (CVE-2025-69691)	Critical	1 day ago
CVE-2025-69690	Unsafe Deserialization in deserialization (CVE-2025-69690)	Critical	1 day ago
CVE-2024-53326	Unsafe Deserialization in deserialization (CVE-2024-53326)	High	1 day ago
CVE-2026-34084	Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)	Critical	4 days ago
CVE-2023-21529 KEV	[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2023-21529)	High	3 weeks ago
CVE-2026-20131 KEV	[KEV] Unsafe Deserialization in Cisco secure-firewall-management-center-fmc (CVE-2026-20131)	High	1 month ago
CVE-2026-20963 KEV	[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2026-20963)	High	1 month ago
CVE-2025-26399 KEV	[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-26399)	High	2 months ago
CVE-2025-49113 KEV	[KEV] Unsafe Deserialization in Roundcube webmail (CVE-2025-49113)	High	2 months ago
CVE-2025-40551 KEV	[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)	High	3 months ago
CVE-2025-59287 KEV	[KEV] Unsafe Deserialization in Microsoft windows (CVE-2025-59287)	High	6 months ago
CVE-2025-10035 KEV	[KEV] Unsafe Deserialization in Fortra goanywhere-mft (CVE-2025-10035)	High	7 months ago
CVE-2025-5086 KEV	[KEV] Unsafe Deserialization in Dassault systèmes dassault-systemes (CVE-2025-5086)	High	7 months ago
CVE-2025-53690 KEV	[KEV] Unsafe Deserialization in Sitecore multiple-products (CVE-2025-53690)	High	8 months ago
CVE-2024-8069 KEV	[KEV] Unsafe Deserialization in Citrix session-recording (CVE-2024-8069)	High	8 months ago
CVE-2025-53770 KEV	[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2025-53770)	High	9 months ago
CVE-2025-24016 KEV	[KEV] Unsafe Deserialization in wazuh (CVE-2025-24016)	High	10 months ago
CVE-2025-42999 KEV	[KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)	High	11 months ago
CVE-2025-24813 KEV	[KEV] Vulnerability in Apache tomcat (CVE-2025-24813)	High	1 year ago
CVE-2019-9875 KEV	[KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9875)	High	1 year ago
CVE-2019-9874 KEV	[KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9874)	High	1 year ago
CVE-2017-3066 KEV	[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2017-3066)	High	1 year ago
CVE-2024-20953 KEV	[KEV] Unsafe Deserialization in Oracle agile-product-lifecycle-management-plm (CVE-2024-20953)	High	1 year ago
CVE-2025-0994 KEV	[KEV] Unsafe Deserialization in Trimble cityworks (CVE-2025-0994)	High	1 year ago
CVE-2025-23006 KEV	[KEV] Unsafe Deserialization in Sonicwall sma1000-appliances (CVE-2025-23006)	High	1 year ago
CVE-2024-38094 KEV	[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2024-38094)	High	1 year ago
CVE-2024-40711 KEV	[KEV] Unsafe Deserialization in Veeam backup-replication (CVE-2024-40711)	High	1 year ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →