Cwe 502

🧬 CWE Related 70
slug: cwe-502

Explanation

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Example
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Related tags

🛡 Vulnerabilities tagged with this 492

ID Title
CVE-2026-27414 Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.
CVE-2026-56037 Unsafe Deserialization in deserialization (CVE-2026-56037)
CVE-2026-27060 Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
CVE-2026-51947 Unsafe Deserialization in CVE-2026-51947 (CVE-2026-51947)
CVE-2026-55153 Vulnerability in deserialization (CVE-2026-55153)
CVE-2026-14265 Unsafe Deserialization in Amazon aws (CVE-2026-14265)
CVE-2026-58127 Vulnerability in csharp (CVE-2026-58127)
CVE-2026-58126 Vulnerability in csharp (CVE-2026-58126)
CVE-2026-58025 Code Injection in deserialization (CVE-2026-58025)
CVE-2026-24250 Unsafe Deserialization in nvidia (CVE-2026-24250)
CVE-2026-24251 Unsafe Deserialization in nvidia (CVE-2026-24251)
CVE-2026-24240 Unsafe Deserialization in deserialization (CVE-2026-24240)
CVE-2026-24243 Unsafe Deserialization in deserialization (CVE-2026-24243)
CVE-2026-24247 Unsafe Deserialization in deserialization (CVE-2026-24247)
CVE-2026-24244 Unsafe Deserialization in deserialization (CVE-2026-24244)
CVE-2026-24245 Unsafe Deserialization in deserialization (CVE-2026-24245)
CVE-2026-57516 Unsafe Deserialization in deserialization (CVE-2026-57516)
CVE-2026-10538 Unsafe Deserialization in deserialization (CVE-2026-10538)
CVE-2026-56700 OS Command Injection in CVE-2026-56700 (CVE-2026-56700)
CVE-2025-71374 Unsafe Deserialization in deserialization (CVE-2025-71374)
CVE-2025-71363 Unsafe Deserialization in deserialization (CVE-2025-71363)
CVE-2025-71350 Unsafe Deserialization in c (CVE-2025-71350)
CVE-2025-71349 Unsafe Deserialization in CVE-2025-71349 (CVE-2025-71349)
CVE-2025-71368 Unsafe Deserialization in CVE-2025-71368 (CVE-2025-71368)
CVE-2025-71371 Unsafe Deserialization in CVE-2025-71371 (CVE-2025-71371)
CVE-2026-55223 Unsafe Deserialization in apache (CVE-2026-55223)
CVE-2026-7871 Unsafe Deserialization in langflow (CVE-2026-7871)
CVE-2026-13759 Unsafe Deserialization in ibm (CVE-2026-13759)
CVE-2026-12240 Unsafe Deserialization in wordpress (CVE-2026-12240)
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →