CVE-2026-3967 in Activitiالمعلومات

الملخص

بحسب MITRE • 12/03/2026

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization System. This manipulation causes deserialization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

مسؤول

VulDB

إفشاء

12/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-350396

استغلال

تحميل

EPSS

0.00242

KEV

لا

النشاطات

منخفض جدًا

المصادر

Interested in the pricing of exploits?

See the underground prices here!