CVE-2026-11463
7.3 HIGH
A vulnerability was determined in USCiLab Cereal up to 1.3.2
Published: 2026-06-07 · Last updated: 2026-06-08
Severity and scoring
- CVSS: 7.3 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-843
Description
A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-11463
- Other: https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0
- Other: https://github.com/USCiLab/cereal/
- Other: https://github.com/USCiLab/cereal/issues/870
- Other: https://vuldb.com/cve/CVE-2026-11463
- Other: https://vuldb.com/submit/814456
- Other: https://vuldb.com/vuln/369083
- Other: https://vuldb.com/vuln/369083/cti
Related CVEs
Same CWE
- CVE-2026-45641 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally (8.4 HIGH)
- CVE-2026-45635 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network (8.1 HIGH)
- CVE-2026-45600 — Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate pri... (7.8 HIGH)
- CVE-2026-45456 — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally (8.4 HIGH)
- CVE-2026-44817 — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally (7.8 HIGH)