Cwe 502

🧬 CWE Related 70
slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Related tags

🛡 Vulnerabilities tagged with this 492

ID Title
CVE-2026-57527 Unsafe Deserialization in deserialization (CVE-2026-57527)
CVE-2026-56055 Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-56057 Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
CVE-2026-56032 Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
CVE-2026-56031 Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
CVE-2026-53914 Unsafe Deserialization in deserialization (CVE-2026-53914)
CVE-2026-12578 Unsafe Deserialization in cisa (CVE-2026-12578)
CVE-2025-71340 Unsafe Deserialization in CVE-2025-71340 (CVE-2025-71340)
CVE-2026-56053 Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-10043 Unsafe Deserialization in deserialization (CVE-2026-10043)
CVE-2026-56121 Unsafe Deserialization in deserialization (CVE-2026-56121)
CVE-2026-54512 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
CVE-2026-41862 Unsafe Deserialization in CVE-2026-41862 (CVE-2026-41862)
CVE-2026-39253 Unsafe Deserialization in CVE-2026-39253 (CVE-2026-39253)
CVE-2025-71376 Unsafe Deserialization in CVE-2025-71376 (CVE-2025-71376)
CVE-2025-71370 Unsafe Deserialization in CVE-2025-71370 (CVE-2025-71370)
CVE-2025-71365 Unsafe Deserialization in CVE-2025-71365 (CVE-2025-71365)
CVE-2025-71341 Unsafe Deserialization in CVE-2025-71341 (CVE-2025-71341)
CVE-2026-48517 Vulnerability in MessagePack (CVE-2026-48517)
CVE-2026-48502 Out-of-Bounds Read in MessagePack (CVE-2026-48502)
CVE-2026-46607 Unsafe Deserialization in glances (CVE-2026-46607)
CVE-2025-71357 Unsafe Deserialization in mmaitre314 (CVE-2025-71357)
CVE-2025-71378 Unsafe Deserialization in mmaitre314 (CVE-2025-71378)
CVE-2025-71348 Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
CVE-2026-12787 Vulnerability in deserialization (CVE-2026-12787)
CVE-2026-56304 Unsafe Deserialization in dos (CVE-2026-56304)
CVE-2026-48909 Unsafe Deserialization in CVE-2026-48909 (CVE-2026-48909)
CVE-2026-49286 Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
CVE-2026-12046 Vulnerability in flask (CVE-2026-12046)
CVE-2026-8024 Unsafe Deserialization in deserialization (CVE-2026-8024)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →