CVE-2026-25358

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions rascals Meloo versions prior to 2.8.2

Description An issue exists in rascals Meloo related to the deserialization of untrusted data, which allows for object injection. The deserialization process does not properly validate the incoming data, potentially enabling an attacker to inject malicious objects.

Recommendations Update rascals Meloo to version 2.8.2 or later.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2026-25358

Affected Products

Rascals Meloo

CVE-2026-25358

Weakness Enumeration

Related Identifiers

Affected Products

References · 3