Cwe 502

🧬 CWE Related 70
slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Related tags

🛡 Vulnerabilities tagged with this 492

ID Title
CVE-2026-11860 Code Injection in deserialization (CVE-2026-11860)
CVE-2026-12191 Vulnerability in deserialization (CVE-2026-12191)
CVE-2026-50633 Vulnerability in apache (CVE-2026-50633)
CVE-2026-50632 Vulnerability in apache (CVE-2026-50632)
CVE-2025-27511 Vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511)
CVE-2026-41699 Unsafe Deserialization in deserialization (CVE-2026-41699)
CVE-2026-20251 Unsafe Deserialization in deserialization (CVE-2026-20251)
CVE-2026-53435 Unsafe Deserialization in jenkins (CVE-2026-53435)
CVE-2026-52751 Unsafe Deserialization in deserialization (CVE-2026-52751)
CVE-2026-10721 Unsafe Deserialization in CVE-2026-10721 (CVE-2026-10721)
CVE-2026-11815 Unsafe Deserialization in CVE-2026-11815 (CVE-2026-11815)
CVE-2026-41732 Unsafe Deserialization in apache (CVE-2026-41732)
CVE-2026-41731 Unsafe Deserialization in org.springframework.kafka:spring-kafka (CVE-2026-41731)
CVE-2026-40993 Unsafe Deserialization in vmware (CVE-2026-40993)
CVE-2026-44963 Unsafe Deserialization in CVE-2026-44963 (CVE-2026-44963)
CVE-2026-45484 Unsafe Deserialization in deserialization (CVE-2026-45484)
CVE-2026-26142 Unsafe Deserialization in deserialization (CVE-2026-26142)
CVE-2026-48560 Cross-Site Scripting (XSS) in microsoft (CVE-2026-48560)
CVE-2026-49740 Unsafe Deserialization in typo3/cms-core (CVE-2026-49740)
CVE-2026-8365 Unsafe Deserialization in wordpress (CVE-2026-8365)
CVE-2026-41855 Unsafe Deserialization in spring (CVE-2026-41855)
CVE-2026-45034 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-45034)
CVE-2026-7566 Unsafe Deserialization in wordpress (CVE-2026-7566)
CVE-2026-7654 Unsafe Deserialization in wordpress (CVE-2026-7654)
CVE-2026-50589 Vulnerability in openstack (CVE-2026-50589)
CVE-2026-25551 Unsafe Deserialization in csharp (CVE-2026-25551)
CVE-2026-25550 Vulnerability in csharp (CVE-2026-25550)
CVE-2026-50076 Unsafe Deserialization in apache (CVE-2026-50076)
CVE-2026-7888 Unsafe Deserialization in CVE-2026-7888 (CVE-2026-7888)
CVE-2026-47065 Unsafe Deserialization in apache (CVE-2026-47065)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →