Cwe 502

🧬 CWE Related 70
slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Related tags

🛡 Vulnerabilities tagged with this 492

ID Title
CVE-2026-8135 Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
CVE-2026-48207 Unsafe Deserialization in pyfory (CVE-2026-48207)
CVE-2026-24216 Unsafe Deserialization in dos (CVE-2026-24216)
CVE-2026-7637 Unsafe Deserialization in wordpress (CVE-2026-7637)
CVE-2026-24163 Unsafe Deserialization in dos (CVE-2026-24163)
CVE-2026-24142 Unsafe Deserialization in deserialization (CVE-2026-24142)
CVE-2025-33255 Unsafe Deserialization in dos (CVE-2025-33255)
CVE-2026-6009 Unsafe Deserialization in CVE-2026-6009 (CVE-2026-6009)
CVE-2026-31072 Unsafe Deserialization in apscheduler (CVE-2026-31072)
CVE-2025-51427 Code Injection in modelscope (CVE-2025-51427)
CVE-2026-43633 Unsafe Deserialization in deserialization (CVE-2026-43633)
CVE-2026-46725 Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
CVE-2026-8727 Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
CVE-2026-33233 Code Injection in deserialization (CVE-2026-33233)
CVE-2026-26978 Unsafe Deserialization in CVE-2026-26978 (CVE-2026-26978)
CVE-2026-45829 Code Injection in chromadb (CVE-2026-45829)
CVE-2026-7304 Unsafe Deserialization in sglang (CVE-2026-7304)
CVE-2026-7301 Unsafe Deserialization in sglang (CVE-2026-7301)
CVE-2026-8751 Vulnerability in deserialization (CVE-2026-8751)
CVE-2026-8735 Vulnerability in deserialization (CVE-2026-8735)
CVE-2021-47952 Code Injection in deserialization (CVE-2021-47952)
CVE-2026-8612 Unsafe Deserialization in oalders (CVE-2026-8612)
CVE-2026-44501 Unsafe Deserialization in react (CVE-2026-44501)
CVE-2026-1184 Unsafe Deserialization in gitlab (CVE-2026-1184)
CVE-2026-41957 Unsafe Deserialization in f5 (CVE-2026-41957)
CVE-2026-45134 Unsafe Deserialization in langsmith (CVE-2026-45134)
CVE-2026-7635 Unsafe Deserialization in wordpress (CVE-2026-7635)
CVE-2026-34659 Unsafe Deserialization in deserialization (CVE-2026-34659)
CVE-2026-35439 Unsafe Deserialization in deserialization (CVE-2026-35439)
CVE-2026-40368 Unsafe Deserialization in deserialization (CVE-2026-40368)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →