Cwe 502

🧬 CWE Related 70
slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Related tags

🛡 Vulnerabilities tagged with this 492

ID Title
CVE-2026-40357 Unsafe Deserialization in deserialization (CVE-2026-40357)
CVE-2026-33110 Unsafe Deserialization in deserialization (CVE-2026-33110)
CVE-2026-33112 Unsafe Deserialization in deserialization (CVE-2026-33112)
CVE-2026-31237 Unsafe Deserialization in ludwig (CVE-2026-31237)
CVE-2026-31238 Unsafe Deserialization in ludwig (CVE-2026-31238)
CVE-2026-31235 Unsafe Deserialization in imgaug (CVE-2026-31235)
CVE-2026-31239 Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
CVE-2026-31229 Unsafe Deserialization in deserialization (CVE-2026-31229)
CVE-2026-31234 Unsafe Deserialization in horovod (CVE-2026-31234)
CVE-2026-31232 Unsafe Deserialization in deserialization (CVE-2026-31232)
CVE-2026-31221 Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
CVE-2026-31222 Unsafe Deserialization in snorkel (CVE-2026-31222)
CVE-2026-31223 Unsafe Deserialization in snorkel (CVE-2026-31223)
CVE-2026-31224 Unsafe Deserialization in snorkel (CVE-2026-31224)
CVE-2026-31214 Unsafe Deserialization in deserialization (CVE-2026-31214)
CVE-2026-31218 Unsafe Deserialization in deserialization (CVE-2026-31218)
CVE-2026-31219 Unsafe Deserialization in deserialization (CVE-2026-31219)
CVE-2026-3048 Unsafe Deserialization in CVE-2026-3048 (CVE-2026-3048)
CVE-2026-31249 Unsafe Deserialization in deserialization (CVE-2026-31249)
CVE-2026-31250 Unsafe Deserialization in deserialization (CVE-2026-31250)
CVE-2026-31253 Code Injection in flash_attn (CVE-2026-31253)
CVE-2026-7818 Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
CVE-2026-44843 Unsafe Deserialization in langchain-core (CVE-2026-44843)
CVE-2026-41486 Code Injection in ray (CVE-2026-41486)
CVE-2026-44126 Unsafe Deserialization in CVE-2026-44126 (CVE-2026-44126)
CVE-2026-5127 Unsafe Deserialization in wordpress (CVE-2026-5127)
CVE-2025-69690 Unsafe Deserialization in deserialization (CVE-2025-69690)
CVE-2025-69691 Vulnerability in pfsense (CVE-2025-69691)
CVE-2024-53326 Unsafe Deserialization in deserialization (CVE-2024-53326)
CVE-2022-21549 Unsafe Deserialization in java (CVE-2022-21549)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →