PT-2026-4890 · Unknown · Tis-Plugin+1
Titan Team
·
Published
2026-01-27
·
Updated
2026-01-27
·
CVE-2026-24815
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red |
Name of the Vulnerable Software and Affected Versions
datavane tis versions prior to 4.3.0
Description
An issue exists in datavane tis related to the unrestricted upload of files with dangerous types and deserialization of untrusted data. The issue is associated with the
XmlFile.Java program file within the tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules.Recommendations
Update to version 4.3.0 or later.
Fix
Deserialization of Untrusted Data
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Datavane Tis
Tis-Plugin